Weekly Cybersecurity Recap January 5
Table of Contents
- By Steven
- Jan 05, 2024
This week, 2024, started with destructive numbers. Transformative Healthcare was featured early on; their breach happened in February 2023 and may impact over 900k people, including patients and former FAS employees. Bunker Hill Community College announced updates to their 2023 incident, where assailants released ransomware and stole an estimated 195k records. Fred Hutchinson Cancer Center’s breach appeared mid-way through the week—sporting the potential for substantial overall impact numbers. Oklahoma’s Integris Health was also attacked this week, with the assailants extorting victims over the holiday. And finally, another half million patients were exposed via PJ&A’s data breach—this time, from North Kansas Hospital in Missouri. Read more about each breach below.
In December 2022, Transformative Healthcare ceased the Fallon Ambulance Service (FAS); federal and state laws allowed them to push their system data to storage. Eight weeks later, cybercriminals entered their network. The assailants had access for over two months. The stolen data includes names, residential addresses, Social Security Numbers (SSNs), FAS employment details, medical details, and COVID-19 testing data. Those at risk from this breach primarily received telephone medical services in and around Boston.
Bunker Hill Community College
BHCC is a significant graduate generator in Boston, MA, churning over 100 unique degrees in essential subjects. The attack occurred by an unauthorized party who released ransomware into the college’s network. Victims of this event may include students, faculty, alums, vendors, or associates of the college. Their stolen data potentially includes names, dates of birth, SSNs, ID numbers (state, driver’s license, passport, alien), financial information (routing numbers, card details), college account usernames and passwords, medical details, and health insurance data. All BHCC associates must take steps to protect themselves—they shouldn’t wait for a notice to act.
Fred Hutchinson Cancer Center
A Washington-based clinic, FHCC provides cancer patients with care and University students with knowledge. The details of FHCC’s event are consistent with a ransomware event, although they have not stated the attack vector. The information stolen may include names, contact information, addresses, birthdays, SSNs, patient account details, medical records, lab results, provider data, and diagnosis/treatment details. Victims of this event must use caution when interacting online and consider medical ID monitoring services for protection.
Integris Health is a care network throughout Oklahoma; they support the region with 24 service locations, including rehabs, clinics, and hospitals. In November 2023, they experienced a data breach that may have taken as much as 4.6 million records. The assailants began extorting the victims to “secure” their data from the dark web; the data includes names, demographic data, SSNs, dates of birth, and contact data. Those with data at risk from this event must defend themselves immediately.
North Kansas City Hospital
Perry Johnson & Associates (PJ&A) is a medical transcription service; NKCH was one of their clients to whom they provided solutions. PJ&A found a breach in March of 2023, which has impacted the data of 500K patients. The data stolen in this event includes patient names, demographics, contact data, health insurance, clinical data, and dates of birth. Victims should expect a letter about the breach in the coming weeks—but they don’t need to wait to take action. They must protect themselves immediately.