Tampa General Hospital (TGH), a healthcare provider based in Florida, recently disclosed a cybersecurity event that potentially led to a breach of patient data. The hospital posted a notice on its website, stating that the incident occurred over three weeks in May and impacted approximately 1.2 million individuals.
According to the announcement, the breached data may have included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service, and limited treatment information. TGH emphasized that its electronic medical record system was not involved or accessed during the breach.
Although the attackers have not been identified, a cyber gang known as Snatch Team claimed responsibility for the breach and added the hospital to its leak site, where it alleged that it had stolen 4TB of data. It is unclear whether a ransom demand has been made, but TGH confirmed that its IT team successfully prevented the encryption of any files.
Al Martinek, a Customer Threat Analyst at Horizon3.ai, highlighted that stolen credentials are a common method used by cyber threat actors to gain unauthorized access to networks. He explained that attackers often log in using legitimate user credentials obtained from previous data breaches. To evade detection, they rely on these credentials and built-in tools, rather than sophisticated malware.
Martinek further outlined various ways in which threat actors exploit stolen credentials, such as taking advantage of weak password strength requirements, cracking hashes, leveraging compromised credentials that are reused across accounts, and using default credentials in web applications and system processes. Some threat actors even acquire cleartext credentials from dark web marketplaces. Once inside a network, they pose as legitimate users and move laterally to gain further access, steal sensitive data, bring down systems, or launch ransomware attacks.
Ani Chaudhuri, CEO of Dasera, acknowledged the challenges that hospitals like TGH face when it comes to safeguarding sensitive medical information amidst constant cyber threats. Chaudhuri remarked that data breaches are not limited to the healthcare sector but affect organizations of all sizes and industries worldwide. He stressed the importance of robust security measures, investment in advanced technologies, comprehensive training programs, and stringent security protocols to prevent unauthorized access to patient data.
In a related development, the US Federal Trade Commission (FTC) and the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a warning to approximately 130 hospital systems and telehealth providers regarding potential privacy and security risks associated with third-party tracking tools used on their websites. The officials named Meta Pixel and Google Analytics as examples of such tools, which gather identifiable information about users as they interact with websites or mobile apps. They emphasized that exposing sensitive patient data through these tracking tools could violate Health Insurance Portability and Accountability Act (HIPAA) rules.
The letter from FTC and OCR highlighted that even entities that are not covered by HIPAA are still required to protect certain health data under the FTC Act and the FTC Health Breach Notification Rule. The officials urged healthcare organizations to monitor the data flows of health information to third parties through integrated technologies on their websites or apps.
In another concerning development, June 2023 witnessed a record-breaking number of ransomware attacks. A report from Corvus Threat Intel revealed that the number of companies listed on leak sites reached an all-time high. The frequency of attacks increased by 38% compared to the previous month and a staggering 179% compared to the same period last year. This marked the fifth consecutive month to see a year-over-year increase in ransomware victims.
The Cl0p ransomware group was identified as a significant contributor to the rise in ransomware activity. The group exploited a vulnerability in the widely used MOVEit file transfer app, resulting in multiple breaches. The NCC Group’s Global Threat Intelligence team supported these findings, reporting that Cl0p claimed 90 victims in June alone. The report also noted a 221% increase in total ransomware attacks compared to the same period last year.
Matt Hull, Global Head of Threat Intelligence at NCC Group, emphasized the importance of organizations remaining vigilant and adapting their security measures to stay ahead of cyber threats. He advised any organization using MOVEit file transfer software to apply the recent patch, as the vulnerability is actively being exploited. Alongside Cl0p, other ransomware groups like LockBit 3.0, 8base, Rhysida, and Darkrace also contributed to the surge in attacks. North America was the most targeted region in June, with the Industrial sector being the primary target.
As cyber threats continue to escalate, organizations across various industries, including healthcare, must prioritize data security and invest in comprehensive measures to protect sensitive information. The recent breaches serve as reminders of the need for enhanced cybersecurity practices and ongoing efforts to prevent unauthorized access and data breaches.

