web analytics

Healthcare System Notifies 180,000 People 1 Year After Hack – Source: www.govinfosecurity.com

healthcare-system-notifies-180,000-people-1-year-after-hack-–-source:-wwwgovinfosecurity.com
Rate this post

Source: www.govinfosecurity.com – Author: 1

Breach Notification
,
Healthcare
,
Industry Specific

Multiple Challenges Can Delay Breach Response and Notification, Experts Say

Marianne Kolbasuk McGee (HealthInfoSec) •
August 14, 2023    

Healthcare System Notifies 180,000 People 1 Year After Hack
Patients of Tift Regional Medical Center and its sister facilities are now being notified of an August 2022 hacking incident. (Image: Tift Regional Health System)

A Georgia healthcare system is notifying more than 180,000 individuals of a data compromise involving a hacking incident first detected a year ago. The apparent Hive ransomware attack involved hackers accessing and copying files containing patient information, including medical and banking account information.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The delayed notification spotlights the range of growing breach response and notification challenges some organizations face, especially as increasing numbers of entities in the healthcare sector and other sectors become the victims of far-reaching data compromises by cybercriminals.

“It’s a case-by-case basis. Some delays are legitimate, and others are not,” said regulatory attorney Rachel Rose.

Tift Regional Health System said in a Friday data breach disclosure that a hacking incident had been detected on Aug. 16, 2022, and affected 180,142 individuals.

The Tifton, Georgia-based healthcare system first reported the hack to the U.S. Department of Health and Human Services’ Office for Civil Rights on Oct. 14, 2022, as affecting 500 individuals.

Because federal regulators require organizations to report HIPAA breaches affecting 500 or more individuals to HHS OCR within 60 days of discovery, some entities report those breaches with a placeholder estimate – typically 500 individuals – until cyber defenders can determine a more accurate count.

Tift Regional, which also goes by the name Southwell, is a not-for-profit healthcare system serving 12 counties in south central Georgia. The organization has about 135 physicians, several specialty care facilities and Tift Regional Medical Center, a 181-bed regional referral hospital located in Tifton, Georgia.

DataBreaches.net reported last September that the ransomware group Hive had claimed to have downloaded 1 terabyte of Tift data in a July 2022 attack and that negotiations between Hive and Tift had broken down.

Tift did not immediately respond to Information Security Media Group’s request for comment and for additional details about the incident, including why notification had been delayed and whether Hive had been involved.

Tift Breach Details

In an updated breach notice posted on its website on Aug. 7, Tift said that on or around Aug. 16, 2022, the organization had become aware of suspicious activity affecting certain systems within its network.

Tift said there had been no malicious encryption of its systems and the network had been available for staff to provide patient care. “The investigation determined that certain files on TRHS systems may have been accessed or copied without authorization between Aug. 11 and Aug. 17, 2022.

Tift said it conducted a review to determine the personal information contained in the affected files. The data potentially compromised includes certain individuals’ Social Security numbers, patient identification numbers, driver’s license numbers, medical information, treatment information, diagnosis information, health insurance information, financial account information, and birthdates.

Growing Difficulties

An assortment of factors could be related to why Tift’s breach notification lagged for one year.

“Hive was taken down by the FBI, and the announcement was made in January 2023,” Rose said. If Tift contacted the FBI about its attack, it is possible that the organization delayed notification in part due to federal law enforcement coordinating internationally to take down Hive, she said (see: Will Hive Stay Kaput After FBI Busts Infrastructure?).

There could also be other reasons for the delay, according to Rose. “It may legitimately depend upon the type and complexity of the attack. It could also be that an organization does not know where all of its data is located.”

Some experts also say the one-year interval between the detection of Tift’s incident and the identification of affected individuals is indicative of the scope of difficulties in breach response and notification that many other entities face.

There are challenges involving insufficient log records; lengthy, complicated and time-consuming reviews to determine the extent of information accessed or stolen; and a scarcity of available skilled professionals who can assist in conducting speedy reviews.

“One needs to correlate things like the amount of data that were seen being exfiltrated, the type of data in the source files, and the identity of the patient in each,” said Michael Hamilton, CISO and founder of security firm Critical Insight. Hospital records are dynamic, so it can be difficult to get an accurate count and identity list of the persons existing in records during the days or weeks when the incident occurred, he said.

Other issues, such as involvement of cyber insurers and the threat of possible class action litigation, could also affect breach response and notification processes.

“Data breaches are a hot area for lawsuits,” Rose said.

With so many organizations in and out of the healthcare sector experiencing hacking incidents and other breaches, waiting times to complete investigations are getting longer in some cases, Hamilton said.

“The length of these investigations is in part a function of the dearth of qualified forensic examiners. Incident response and forensic companies routinely partner because of just that – the demand for these individuals is clearly outstripping supply,” he said.

“In order to determine an accurate accounting of records that may have been accessed, it’s necessary to bring in forensic examiners to review logs and other evidence,” Hamilton said. “With a shortage of qualified practitioners, this may be a rate-limiting step.”

Legitimate forensic companies are responsive, Rose said. And while there may be delays, it is critical for counsel to work with the government agency to let them know the number of people identified and send notices out unless otherwise instructed. “It would also be prudent to let the public know that notices are coming to those who are impacted and may be issued in tranches as more information is learned,” she said.

Also, the headcount of affected individuals reported in breaches sometimes climbs in cases where the necessary log and other records are insufficient to determine exactly whose data and what information was compromised, Hamilton said.

In those cases, entities “must claim that everyone is affected,” he said.

Tift said in its breach notice that it is reviewing its existing cybersecurity policies and procedures and evaluating additional measures and safeguards to protect against this type of incident in the future.

Original Post URL: https://www.govinfosecurity.com/healthcare-system-notifies-180000-people-1-year-after-hack-a-22811

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource...
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An...
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL...
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats...
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations...
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by...
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by...
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY...
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration...
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data

More Latest Published Posts

CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing
Joas A Santos
Windows API for Red Team #101
Windows API for Red Team #101
Economic Research Working Paper
Artificial Intelligence and Intellectual Property
Artificial Intelligence and Intellectual Property
CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN UN SIEM
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of AI Risk and Impact Assessments
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity planning
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat Huntingand Detection
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES
Project Management Institute
Building Resilience Through Strategic Risk Management
Building Resilience Through Strategic Risk Management
DATA LOSS PREVENTION (DLP)
DATA LOSS PREVENTION (DLP)
AICSSolutions
Cybersecurity Red Team
Cybersecurity Red Team
cisco
Cyber Incident Response
Cyber Incident Response
CSR Cyber Security Council
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
SYBEX
Cybersecurity ESSENTIALS
Cybersecurity ESSENTIALS
Agency for Digital Government
Cyber security in supplier relation ships
Cyber security in supplier relation ships
RINKU
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
CNIL
PRACTICE GUIDE GDPR
PRACTICE GUIDE GDPR