Two Florida Healthcare Providers Attacked with Ransomware

The Tampa, FL-based Agency for Community Treatment Services, Inc. (ACTS) is alerting certain patients that some of their protected health information has potentially been compromised in an October 21, 2020 cyberattack.

The security breach was detected on October 23 when ransomware was deployed. The hackers gained access to parts of the ACTS server and data infrastructure and encrypted files to prevent access. Systems were taken offline to prevent further unauthorized access and third-party computer forensic experts were engaged to assist with the investigation and determine the scope of the breach.

While unauthorized data access was possible, the investigation did not uncover any specific evidence to indicate patient data had been accessed or exfiltrated. ACTS explained that this was due to the extensive efforts made by the attackers to conceal their malicious activity. The attackers may therefore have accessed or stolen information stored on the breached systems.

The review of the compromised systems revealed they contained patient names, dates of birth, Social Security numbers, and medical records containing information such as diagnoses, treatment information, and health insurance information related to the services provided to patients between 2000 and 2013.

ACTS was able to restore the encrypted data from backups and did not pay the ransom and steps have been taken post-breach to strengthen security and prevent further attacks. Since patient data may have been compromised, ACTS is providing complimentary credit monitoring and identity theft protection services to all affected individuals.

Leon Medical Centers Attacked with Conti Ransomware
Leon Medical Centers, a network of 8 medical centers in Miami and Hialeah in Florida, experienced a Conti ransomware attack in which the protected health information of patients was allegedly stolen. The attackers issued a ransom demand and threatened to publish the records of patients stolen prior to the deployment of ransomware.

The attackers claimed the data stolen included patient names, addresses, Social Security numbers, diagnoses, treatment information, health insurance information, and patient photographs. They claim to have obtained the PHI of more than 1 million patients, although that claim has been refuted by Leon Medical Centers, which maintains the amount of data stolen has been grossly overstated.

The attack occurred prior to December 22, 2020 and Leon Medical Centers is still investigating the breach. At this stage it is unclear exactly what information was stolen and how many patients have been impacted.

Proliance Surgeons Announce Corporate Website Breach
Proliance Surgeons, a Seattle, WA-based surgical practice, has suffered a breach of its corporate website in which payment card information may have been stolen. In a December 23, 2020 breach notice, the practice explained that its investigation revealed the attackers had access to the website between November 13, 2019 and June 24, 2020. During that time, the attackers potentially accessed and obtained cardholder names, card numbers, expiry dates, and zip codes. No other protected health information was involved. The breach was limited to individuals who paid for services online, not individuals who paid over the phone or in person.

The cause of the breach has been identified and addressed and a new website with a different payment platform has been implemented, which has superior security protections. Proliance has coordinated with the major payment card providers to prevent unauthorized charges on the affected cards. Individuals affected by the breach have been advised to check their statements carefully and to report any unauthorized charges to their card provider.