Weekly Cybersecurity Recap February 16
Table of Contents
- By Steven
- Published: Feb 16, 2024
- Last Updated: Feb 20, 2024
This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii. The week began with an announcement out of Texas: U.S. Renal Care found exposed information from a vendor breach in 2023, impacting over 132k patients. Connecticut College was also featured this week; investigations are ongoing, but victims shouldn’t wait to protect themselves. The public also got an update on the PJ&A data breach from 2023. This week, we learned more about the event—and its newest impact figure of 13.3 million. Azura, a national vascular care provider, also announced a breach where an unauthorized actor accessed and encrypted the data of over 348k patients. The last breach of this week came out of beautiful Hawaii, where an unauthorized party attacked a healthcare network. Experts responded, but couldn’t stop the exposure of over 462k patients in the islands. Read a synopsis of each event below.
U.S. Renal Care Inc.
HealthEC’s 2023 cybersecurity event impacted a massive kidney health and wellness provider, Renal. HealthEC is a third-party vendor provider that assists providers with serving their patients and associates. In July, HealthEC had an unauthorized actor access and steal files about HealthEC’s clients, of which Renal was one. Victims of this event have a lot of potentially exposed data, including victim names, identifying information (including Social Security Numbers (SSNs)), medical details, health insurance data, and billing/claims credentials. Those impacted by this event must take action as quickly as possible before the data can be misused.
Connecticut College
In 2023, threat actors victimized CC by accessing their network environment and stealing system data. The data likely belongs to students, alums, and college associates. Some compromised data includes names, SSNs, education histories, financial data, taxpayer information, and medical treatment histories for those using CC’s department health services. Despite ongoing investigations, victims don’t have to wait for their physical impact notice to start safeguarding their data.
Perry Johnson & Associates
A medical transcription provider based in Nevada, PJ&A released an update about their event in connection with their partners, releasing data breach notices stemming from their incident. According to what is public about the event, an unauthorized actor accessed their systems and removed data; this data may include victims’ names, personally identifiable information, including SSNs, contact data, clinical details, treatment and provider information, and insurance credentials. Victims must act to protect themselves, especially as more breaches appear in connection to the PJ&A event.
Azura Vascular Care
In 25 states, Azura is a national resource for outpatient vascular care. In September 2023, officials noticed encryptions within Azura's system and responded to the threat, although it is unclear if the criminals focused on profits from extortion or entertainment from disruptions. The assailants stole patient data in this event, including names, contact data, demographic details, SSNs, insurance and provider details, diagnosis and treatment data, and some medical histories. Victims of this breach must consider identity and medical account monitoring services to mitigate the possible consequences of the incident.
Navvis & Company
Navvis is a healthcare solutions provider serving patients nationally; they serve thousands of patients and healthcare employees in Hawaii. In July 2023, officials discovered an unauthorized actor within Navvis systems—they expelled them but could not stop data access. Compromised data elements include names, dates of birth, health plan and provider information, medical details and patient numbers, and various health and clinic data. Victims of this breach are at high risk for identity and medical information misuse, but they can act to protect themselves.
