EXECUTIVE SUMMARY:

Healthcare organizations continue to suffer from destructive cyber attacks. Attacks are paralyzing networks, depleting patient trust, and leading to other adverse consequences.

Refuah Health Center cyber attack

In New York, Refuah Health Center has commenced the notification of 260,740 persons regarding a cyber security incident. Upon discovering the incident in June of 2021, the health center immediately launched an investigation, according to reports. However, the health center did not explain the year-long gap between discovery and notification.

On account of the gap, hackers may have already begun to sell or leverage sensitive information for their own purposes. Individuals affected by the Refuah data breach may or may not have observed fraudulent activity related to their healthcare or financial information.

Affected information

The personal data exposed through the breach may have included names, Social Security numbers, medical record numbers, driver’s license numbers, state identification numbers, birth dates, and credit and debit card information, along with financial account information, Medicare/Medicaid numbers, patient account numbers, diagnosis information and health insurance policy numbers.

Attack attribution

The attack is attributed to the Lorenz ransomware threat actors, who added the Refuah Health Center to their leak site in June of last year. Since then, the listing appears to have been removed from the leak site.

What concerns experts is the fact that the Lorenz gang typically makes data available for sale to other threat actors (or possible competitors) in the event that an organization refuses to pay a requested ransom. Lorenz has also been known to publicly release passwords for data leak archives.

In some cases, Lorenz also sells access to a victim’s internal network. Some threat actors perceive access to internal networks as even more valuable than medical data, which can sell for as much as $1,000 USD per record.

Refuah Health Center’s response

“Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal and protected health information in our possession and have taken many precautions to safeguard it,” said a recent notice from Refuah Health Center.

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of personal and protected health information. Since this incident, we have installed a new firewall and conducted a vulnerability assessment.”

Closing thoughts

The healthcare ransomware epidemic is growing. Several other healthcare groups have fallen victim to ransomware attacks this year, and trends are expected to continue in this direction.

Another unsettling element is that healthcare organizations are often unaware of cyber attacks or threats until long after the hackers have disappeared from systems. This points to the need for stronger threat intelligence, better threat detection systems, and more efficient remediation processes for organizations within the healthcare space.

Resources are available that can help healthcare sector organizations implement stronger cyber security practices. For more information about protecting health data in the new normal, please see CyberTalk.org’s whitepaper. Please also review New Paradigms in Patient Care and Powerful Cloud Security Architecture for Top-Tier Cloud-based Care.
