Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Health care data breaches overview:
- Who: The Federal Bureau of Investigation, Treasury Department and Cybersecurity and Infrastructure Security Agency issued a joint alert warning health care organizations that they may be subject to sanctions if they pay ransoms following a cyberattack.
- Why: The agencies say that North Korean actors may be responsible for the health care data breaches, and that health care organizations may face liability if they pay a ransom.
- Where: The health care data breaches have affected multiple organizations in the U.S.
In a joint alert, the Federal Bureau of Investigation (FBI), Treasury Department and Cybersecurity and Infrastructure Security Agency (CISA) warned that North Korean groups have been responsible for multiple health care data breaches.
The agencies say that the state-sponsored actors used ransomware dubbed “Maui” to encrypt servers that store sensitive information such as health records, diagnostics and imaging and demand ransoms to restore access to the data.
Health care organizations that are found to pay ransoms to the North Korean groups listed on the Treasury’s Office of Foreign Assets Control sanctions list may face liability, the agencies warn.
At the same time, the North Korean groups are expected to continue their health care ransomware attacks.
“The North Korean state-sponsored cyber actors likely assume health care organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” according to the joint alert. “Because of this assumption, the FBI, CISA and Treasury assess North Korean state-sponsored actors are likely to continue targeting [healthcare] organizations.”
Agencies urge organizations not to pay ransoms if affected by health care data breaches
The FBI, Treasury and CISA urge health care organizations to protect their sensitive data by using encryption, limiting access, monitoring devices for signs of compromise and regularly reviewing internal policies regarding the handling of sensitive health information.
Health care organizations that have already been hit with a ransomware attack should scan their backup data with a trusted antivirus program to ensure that it is not infected with malware and report the ransomware incident to the FBI, CISA or U.S. Secret Service.
The agencies “strongly discourage paying ransoms” because payment does not ensure that the data will be recovered. Paying ransoms may also pose sanctions risks, the agencies warn.
Recent health care data breaches spur class action lawsuits
There have been several recent reports of health care data breaches that have compromised the data of numerous patients. SuperCare Health and South Shore Hospital are both facing data breach class action lawsuits alleging they failed to adequately protect private information from hackers.
On June 3, Kaiser Permanente announced that it was affected by a health care data breach that exposed the health information of more than 69,000 patients.
If your information was compromised as a result of a hospital data breach, you may qualify for a health care data breach class action lawsuit claim review.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements: