hiveleak attacks Behavioral Health System
Incident Date:
July 14, 2022
Overview
Title
hiveleak attacks Behavioral Health System
Victim
Behavioral Health System
Attacker
Hiveleak
Location
First Reported
July 14, 2022
Behavioral Health System Targeted by Hiveleak Ransomware Group
Company Overview
Behavioral Health System, a healthcare provider based in Maryland, offers a comprehensive suite of services aimed at supporting mental health. These services include psychotherapy, medication management, and psychiatric evaluations, catering to individuals seeking mental health support.
Impact of the Attack
The ransomware attack orchestrated by the Hiveleak group has led to the encryption of vital electronic health records and company files, compromising the data integrity of over 14,000 individuals. This disruption has severely impacted patients, restricting access to their medical records, which is crucial for making informed health decisions.
Vulnerabilities and Mitigation
This incident brings to light the escalating threat of ransomware attacks within the healthcare sector. In response, the Office for Civil Rights (OCR) advises all covered entities to reassess vendor relationships, adopt multi-factor authentication, and conduct regular audits of information system activities to bolster cybersecurity defenses.
Following the attack, the HHS Office for Civil Rights (OCR) concluded a ransomware investigation with Behavioral Health System. The settlement required the healthcare provider to pay $40,000 and undertake corrective measures to rectify potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is notable as it represents only the second instance of such an agreement following a ransomware attack investigation by OCR.
The ransomware attack on Behavioral Health System emphasizes the critical need for stringent cybersecurity protocols in the healthcare industry. With ransomware groups increasingly targeting healthcare providers, it is imperative for these organizations to elevate their cybersecurity posture and adhere to best practices to safeguard sensitive patient information.
Sources
- Behavioral Health System website
- CBS News: Change Healthcare Cyberattack
- HIPAA Journal: Ransomware Attack on Texas Mental Health Service Provider
- Healthcare Dive: HHS reaches second-ever ransomware settlement
- HHS: HHS' Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack
- Health IT Security: HHS Settles Ransomware Investigation with Behavioral Health Provider
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.