
Hospital Notifies 316,000 of Breach in Christmas 2023 Hack – Source: www.databreachtoday.com


Cybercriminal Gang ‘Money Message’ Claims Credit, Publishes Stolen Records

Marianne Kolbasuk McGee (HealthInfoSec) • December 10, 2024

Anna Jaques Hospital is notifying more than 316,000 employees and patients of a Christmas 2023 hack affecting their information. (Image: Anna Jaques Hospital)

A Massachusetts hospital is notifying 316,000 people that their information was compromised in a cyberattack discovered nearly a year ago during Christmas 2023. Cybercriminal group Money Message claimed that it stole 600 gigabytes of data in the incident, posting patient and employee records on the gang’s dark website back in January.


Anna Jaques Hospital, which is based in Newburyport and is part of the much larger Boston-based Beth Israel Lahey Health healthcare system, told Maine state regulators on Dec. 5 that it experienced a cybersecurity incident on its network on or around Dec. 25, 2023, which temporarily disrupted some of its IT systems.

As of Tuesday, the Anna Jaques Hospital incident had not yet appeared to be posted on the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool website, which lists breaches affecting 500 or more individuals.

Anna Jaques Hospital in an updated public statement issued on its website last week said it had first posted a notice about the incident on Jan. 23, while the hospital was conducting its investigation, “out of abundance of caution.”

But the updated notice says Anna Jaques Hospital on Nov. 5 finally completed its “thorough forensic investigation and manual document review,” determining that certain files containing information were “accessed” by an unauthorized party.

The hospital’s notice does not mention that data was also allegedly stolen in the incident and published on Money Message’s darkweb blog site. Those leaked documents include employee disciplinary records, patient vaccine, medical imaging orders and diagnoses, and files containing other detailed information.

Anna Jaques Hospital said in its breach notice that compromised information varies per individual but may include demographic information, medical information, health insurance information, Social Security number, driver’s license number, financial information and other personal or health information.

Upon detecting the incident, the hospital said it “contained the network,” launched an investigation and notified law enforcement. “Anna Jaques Hospital has no indication that there has been any fraud as a result of this incident,” the notice said.

An attorney representing Anna Jaques Hospital did not immediately respond to Information Security Media Group’s request for additional details about the incident and for comment on Money Message’s claims.

Extended Breach Analysis

Some experts said that based on Anna Jaques Hospital’s statements, the analysis of data compromised in the incident appears to have taken an unusually long time.

“An entire year for a forensic investigation is unheard of. In my experience, the longest investigations ran four to five months and those involved millions of users, which isn’t the case with this attack as reported,” said Jeff Wichman, director of incident response at security firm Semperis, and a former ransomware negotiator.

While Anna Jaques Hospital’s breach notice said the hospital engaged third-party cybersecurity experts to assist in handling the incident, many other not-for-profit organizations often have a difficult time with cyber staffing, said Paul Underwood, vice president of cybersecurity at Neovera, a managed provider of cloud and cybersecurity services.

This includes the ability to hire the number of security staff needed to help maintain, operate and hunt for threats to discover malicious actors with access to their environments, Underwood said.

“With the limited staffing some of these not-for-profit companies have, it’s difficult to add additional analyst work to their current day-to-day operations, so organizations are at the mercy of what their insurance companies bring in for investigation assistance or they hire third parties to provide these analysis services,” he said.

What’s unclear from Anna Jaques Hospital’s statement so far are other factors that might have contributed to the lengthy analysis to determine the information compromised in the incident, other experts said.

“What we don’t know, however, is what logging was available to determine which systems or data was impacted,” said Scott Weinberg, CEO of Neovera.

“It’s possible that the ransomware attackers left a minimal or perhaps even a corrupt trail of evidence behind them, making it extremely difficult to determine what was viewed or downloaded.”

Wichman said he’s not surprised the attack last year on Anna Jaques Hospital took place during the holiday season. In fact, a recent Semperis holiday ransomware report shows that on average 72% of companies – and 74% of healthcare sector entities – have been hit by ransomware on holidays and weekends.

Because Money Message published Anna Jaques Hospital’s information on its darkweb site back in January, where it remained posted as of Tuesday, it also appears the hospital did not engage in negotiations with the threat actors.

“Overall, there are times when organizations have a hard-and-fast rule not to engage with attackers. I don’t think it is beneficial to have that stance because the forensic investigation could have been shortened by at least understanding from the negotiation phase what the attacker may have stolen,” Wichman said.

Original Post url: https://www.databreachtoday.com/hospital-notifies-316000-breach-in-christmas-2023-hack-a-27016
