TTA’s Finally Spring: DOJ sues Apple on monopoly, ’23 breached records up 187%, funding’s back and AI’s got it, Walgreens shrinkage, more!

March 22, 2024 | by

 

 

A mixed week with the Change/Optum hack gradually resolving and receding. The Big Quake was DOJ’s antitrust suit against Apple for smartphone monopoly and control over apps. Another quake is that 2023 data breaches were up 187%–when a medical record is worth $60, it’s logical. Early stage funding and partnerships are back with a roar when AI’s in your portfolio. And Walgreens shrinks both VillageMD and distribution.

2023 US data breaches topped 171M records, up 187% versus 2022: Protenus Breach Barometer (And that was LAST year!)
Why is the US DOJ filing an antitrust lawsuit against Apple–on monopolizing the smartphone market? (One wonders)
Mid-week roundup: UK startup Anima gains $12M, Hippocratic AI $53M, Assort Health $3.5M; Abridge partners with NVIDIA; VillageMD sells 11 Rhode Island clinics; $60 for that medical record on the dark web (Funding’s back and AI’s got it)
Walgreens’ latest cuts affect 646 at Florida, Connecticut distribution centers (More in next week’s financial call)

A lighter week with the Change hacking starting to recede (pharmacy back up on Wed 13 March) and most industry types at HIMSS, we caught up with the first VA go-live in a year, Dexcom’s cleared OTC CGM, WebMD doubles down on health ed with Healthwise buy, Centene may sell abandoned HQ building. And Friday’s news is on a big cyberattack of an NHS Scotland region.

Weekend roundup: NHS Dumfries (Scotland) cyberattacked; delisted Veradigm’s strong financials; One Medical NY patients’ coverage clash; Suki voice AI integrates with Amwell; Legrand and Possum extended; Zephyr AI’s $111M Series A

News roundup: Cerner goes live at VA, DOD Lovell Center; WebMD expands education with Healthwise buy; Dexcom has FDA OK for OTC glucose sensor; Centene may have buyer for abandoned Charlotte HQ (Back to normal news!)
Updates on Change cyberattack: UHG’s timeline for system restorations, key updates around claims and payments in next weeks (updated) (Saving the analysis for later)

The Change Healthcare/Optum cyberattack entered a second week with no restoration of services in sight; how providers and pharmacies are coping without their primary means of processing patient claims and furnishing care–and the psychological toll; and the uncertain future of Walgreens, WBA, and the rapid downsizing of their provider arm, VillageMD. To add further insult to UHG, now DOJ is putting them under antitrust scrutiny.

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’
Update: VillageMD lays off 49 in first two of six Village Medical closures in Illinois
Reality Bites Again: UHG being probed by DOJ on antitrust, One Medical layoffs “not related” to Amazon, the psychological effects of cyberattacks
Facing Future: Walgreens CEO moves company into strategic review–will he get WBA board alignment? (‘Go big’ now in reverse)
Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated) (When will it end? Providers. staff, and patients are hurting)

Three major stories lead this packed week. Change Healthcare’s and Optum’s week-long struggle to get 100 or so BlackCat hacked systems up and running again for pharmacies and hospitals–no end in sight. Walgreens keeps closing Village MD locations–up to 85. But the funding freeze seems to be thawing, with M&A and lettered funding rounds suddenly poking through like daffodils–though the structure of one (Dario-Twill) is puzzling and another may be contested (R1 RCM). And Veradigm finally delists–while buying ScienceIO.

BlackCat is back, claims theft of 6TB of Change Healthcare data (Latest breaking news)

Breaking: VillageMD exiting Illinois clinics–in its home state–as closures top 80 locations (Something not good in the Village)
Short takes on a springlike ‘defrosting’: Redi Health’s $14M Series B, Dario Health buys Twill for ~$30M (About time for a Spring thaw)
Roundup: Walgreens’ new chief legal officer; Digital Health Collaborative launched; fundings/M&A defrosting for b.well, R1 RCM, Abridge, Reveleer; Veradigm likely delists, buys ScienceIO–mystery? (updated)
Change Healthcare cyberattack persists–is the BlackCat gang back and using LockBit malware? BlackCat taking credit. (update 28 Feb #2) (100 systems down, BlackCat’s back)

A few surprises at week’s end, with what appears to be a cyberattack taking down Change Healthcare’s systems and Walgreens’ VillageMD exiting Florida. There’s life in funding and stock buybacks but Oracle Cerner’s in the same-old with the VA. Teladoc on slow recovery road, telemental health coming back, LockBit busted, Musk’s Neuralink implant, and a few thoughts on AI. 

Weekend reading: AI cybersecurity tools no panacea, reality v. illusion in healthcare AI, RPM in transitioning to hospital-at-home, Korean study on older adult health tech usage (AI obsession?)
Breaking: Walgreens’ VillageMD shutting in Florida; Change Healthcare system websites cyberattacked (updated) (Two shockers)
Mid-week roundup: Cotiviti’s $10.5B stake to KKR; Cigna buys back $3.2B shares; VA Oracle Cerner faulty med records; LockBit ransomware websites cold-busted at every level, principals indicted; Trualta partners with PointClickCare
Teladoc closes 2023 with improved $220M loss, but weak forecast for 2024 leads to stock skid (Teladoc in recovery)
Telemental news roundup: Brightside Health expands Medicaid/Medicare partners; Blackbird Health gains $17M Series A; Nema Health’s PTSD partnership with Horizon BCBSNJ (A comeback badly needed)
Neuralink BCI human implant subject moving computer mouse by thought: Elon Musk (Controversy)

A week with a lot of Facing The Music, as the snow and chill continue as we’re ready for spring, already. Four payers scuttle mergers, Walgreens and Amazon are reorganizing big time, and the losses (Amwell especially) and layoffs continue. Apple wins a round in its patent fight with AliveCor. It’s the New Reality and let’s hope we get to a Newer, Better Reality soon. Maybe it’s time to focus on designing tech that is older adult (and not so older adult) friendly–and yes, there are some ‘green shoots’.

Weekend reading: why the tech experience for older adults needs a reboot (a boot in the….?), health tech takeaways from CES (Must reads)
Mid-week news roundup: Elevance-BCBSLA, SCAN-CareOregon mergers scuttled; Amwell’s $679M loss, layoffs; Invitae genetics files Ch. 11; innovations released from DeepScribe, Essence SmartCare (DE), fall detection at Atrium Health (SC)
Further confirmation of the New Reality for digital health–lower valuations, more exits, fewer startups, tech buyers not seeing ROI (The cleanout continues)
AliveCor v. Apple latest: Federal court tosses AliveCor suit on heart rate app data monopolization (This David v. Goliath round goes to Goliath)
Facing the Music of the New Reality: Amazon Pharmacy & One Medical restructure; Walgreens shakes up health exec suites again, cashes out $992M in Cencora; new takes on NeueHealth; Cue Health, Nomad Health layoffs

Have a job to fill? Seeking a position? See jobs listed with our new job search partner Jooble in the right sidebar!

Read Telehealth and Telecare Aware: https://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our advertisers and supporters: Legrand, UK Telehealthcare, ATA, The King’s Fund, DHACA, HIMSS, MedStartr, and Parks Associates.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. 

Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine, and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

2023 US data breaches topped 171M records, up 187% versus 2022: Protenus Breach Barometer

March 22, 2024 | by

2023’s US healthcare data breaches hit an all time high, both in reported breaches and number of records affected. Protenus, which publishes an annual Breach Barometer, uses multiple data sources including Health and Human Services’ public breach tool. The numbers are shocking for both:

  • HHS 2023 reported 725 reports and about 135 million records
  • Protenus‘ numbers are significantly higher: 1,161 reports and 171,139,241 breached records. In 2022, the totals were respectively 1,138 reports affecting a total of 59,664,152 breached records. Breached records were up 187% in 2023.

The variance in reporting is due to factors including not knowing the true scope of the breach in reporting to HHS, state reports being incomplete, and business associate reports covering all or only some of their clients.

Also included in their report is a discussion on how HHS through the Office of Civil Rights (OCR) response to breaches contained in HHS’s 2022 annual report released last month. In investigating, they seem to prefer voluntary resolutions and corrective actions. Only three  resolution agreements with monetary penalties and corrective action plans were imposed.

The Protenus Breach Barometer report is available for free download here. DataBreaches.net collaborated with Protenus in the report.

Hackermania runs wild…all the way to the bank! Ransomware strikes Crozer-Keystone, UCSF med school, others

July 1, 2020 | by

News to make you livid. After surviving (to date) the COVID pandemic, health systems and medical schools are being attacked by ransomware criminals. Both the small Crozer-Keystone Health System and the globally known University of California San Francisco School of Medicine have been attacked by the ever-so cutely named Netwalker (a/k/a MailTo). Yes, this criminal hacker gang isn’t outside banging pots for first responders or donating money, or even sticking to a brief truce (Emsisoft), but figuring ways to spread malware into healthcare organizations for fun and profit. 

And profitable it’s been. UCSF paid Netwalker the princely sum of $1.14 million (£910,000) in 116.4 bitcoins after an attack starting 1 June that was also (to add insult to injury) published on Netwalker’s public blog. In the timeline presented by BBC News, it was negotiated down (professionally) from $3 million; BBC also obtained some key parts of the negotiation via an anonymous tipoff, and it’s fascinating reading. Netwalker leads the victim to a dark web ‘customer service’ site where there’s a countdown to double payment or deletion of your now-encrypted data. They are also able to live chat with the victim.

UCSF was able to limit the malware encryption damage to servers within the School of Medicine (according to the BBC, literally unplugging computers; according to UCSF, isolating servers) but decided to pay the ransom to unlock the encrypted data and return data they obtained, stating in its public release “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good”. They will work with the FBI on the incident and have brought on board outside expert help.

According to FierceHealthcare, Netwalker was also behind the attack on the Champaign-Urbana Public Health District (Illinois) website in March and Michigan State University’s network in May.

Paying ransom is contrary to the advice of the major world security services such as the FBI, Europol, and the UK’s National Cyber Security Centre, on the simple basis that it encourages them. It’s a true damned-if-you-do, damned-if-you-don’t situation, as Brett Callow, a threat analyst at cyber-security company Emsisoft, said to the BBC: “But why would a ruthless criminal enterprise delete data that it may be able to further monetise at a later date?” 

Crozer-Keystone to date has refused to pay ransom. On 19 June, bitcoin publication Cointelegraph published a screenshot of Netwalker’s dark web auction page of the data. Apparently it is all financial and not medical records or PHI. Crozer also isolated the intrusion and took systems offline. Crozer is a small system of four hospitals in suburban Philadelphia (Delaware County) and serves parts of the state of Delaware and western New Jersey.

Neither Crozer nor UCSF have gone public with the source of the breach, but it is known that the main lure during the pandemic has been phishing emails with COVID-19 results or news, loaded with malware downloads.

As this Editor wrote back in May 2018 on the anniversary of WannaCry, it’s not a matter of if, but when, at highly vulnerable organizations like healthcare and academia with high-value information records. Right now, the Hakbit spear-phishing ransomware connected to an Excel spreadsheet macro is targeting mid-level individuals at pharma, healthcare, and other sectors in Austria, Germany, and Switzerland, according to tech research firm Proofpoint. TechGenix

More: Becker’s 22 June on Crozer-Keystone, 29 June on UCSF, 12 largest healthcare breaches to date, 10 healthcare system incidents for June, Kroger hacking incident exposing 11,000 health records. DataBreaches.net news page.

The Breach Barometer hits a new high for healthcare–and the year isn’t over

August 15, 2019 | by

31.6 million healthcare breached records can’t be right? But it is, and it’s double all of 2018. Protenus’ Breach Barometer for the first six months of the year tallied over double the number of patient records breached calculated for 2018 (15.1 million). The number of breach incidents reported was smaller–285 breach incidents disclosed to the US Department of Health and Human Services or the media–compared to 503 breaches in 2018, which means that individual data breaches affected far more records.

Hackermania is running wilder than ever. Nearly half the breaches were due to hacking. The big kahuna of breaches this year was reported in May at American Medical Collection Agency, a third-party billing collections firm. This eight-month breach affected 20 to 22 million records at Quest Diagnostics, LabCorp, Opko Health, under one of its subsidiaries, BioReference Laboratories, Inc., and Clinical Pathology Laboratories [TTA 5 June] This hack also involved Optum360, a Quest contractor and part of healthcare giant Optum. In terms of PII, the records breached included SSI, DOB, and physical addresses.

 Yet insider breaches are still a significant threat at 21 percent, whether from errors without malicious intent or deliberate wrongdoing. In the report, Protenus (with DataBreaches.net) calculated that 60 of the 285 breaches were insider-related affecting 3.5 million records. 35 were insider-error incidents, with 22 additional due to wrongdoing.

When it comes to breaches, the trend is easily not healthcare organizations’ friend, as 2018 tripled 2017’s total breached records. This is despite the new emphasis on healthcare IT security and insider training. Protenus release, FierceHealthcare, Protenus first half report (PDF)

More and more into the (data) breach: 3X more patient records in Q2, UnityPoint’s breach balloons to 1.3M

August 9, 2018 | by
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]And we thought Healthcare Hackermania was following the Hulkster into retirement. After a quiet Q1, data breaches and hack attacks blew up both in Q2 and now in this quarter.

Data compliance analytics firm Protenus’ Breach Barometer (with DataBreaches.net) has been tracking healthcare data breaches for years. It was quiet last quarter with 1.13 million patient records affected in 110 separate health data breaches. But last quarter was a true triple threat with patient records up three times to 3.14 million, 142 separate breaches–which means more per breach on average. What is also distressing is that 29.71 percent are repeat offenses among employees, up from 21 percent in the previous quarter.

  • 36.6 percent of breaches were due to external hacking, nearly double that of Q1.
  • 30.99 percent were due to insiders, either through deliberate wrongdoing (theft) or insider error. Insider wrongdoing was led by family members snooping on other family members’ records. Not Russians, Chinese, NoKos, or Bulgarians bashing about. 
  • In contrast to Q1, where the biggest data breach was a network hack of an Oklahoma-based health network (reportedly the Oklahoma State University Center for Health Sciences), compromising nearly 280,000 records, Q2’s Big Breach was a physical burglary of the California Department of Developmental Services in Sacramento affecting over 581,000 records. After the usual ransacking and theft, the burglars started a fire before they left and the sprinklers did the rest.

It routinely takes nearly forever from when a breach occurs to when it is discovered: in Q1 244 days, in Q2 204 days. In Q2 the longest discovery time was over five years –2013 to 2018. This indicates that insiders may be good at covering their tracks, and/or IT staff don’t get around to detecting and policing breaches.

Protenus and DataBreaches.net compile incidents disclosed to HHS and reported in the media, and are now adding their own proprietary, non-public data on the status of health data breaches nationwide, including a review of tens of trillions of individual
accesses to EHRs which Protenus audits as part of their healthcare systems services. More detail in Protenus Q2 and Q1 full reports, HealthITSecurity (Q1)

Certain to lead their Q3 report is the 1.4 million patient record breach at UnityPoint Health, an Iowa-based health system. In May, a small phishing breach compromised 16,000 records. This cyberattack also started with email phishing and spread through employee networks. “The phishing campaign tricked employees into providing confidential login information, which hackers used to infiltrate email accounts and access data contained within.” Were the hackers after patient data? According to UnityPoint, “The phishing attack on UnityPoint Health was more likely focused on diverting business funds from our organization.” Healthcare Analytics News

You may not want a cyberattack, but cyberattacks and hacking want you….

MediBioSense and Blue Cedar take a new approach to secure medical wearable data (UK/US)

January 23, 2018 | by
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2018/01/VitalPatch_Header_Photo_Tablet.jpg” thumb_width=”150″ /]Doncaster UK-based MediBioSense Ltd. has partnered with San Francisco-based Blue Cedar to protect their VitalPatch app on smartphones and tablets. MediBioSense uses VitalPatch in their MBS HealthStream system marketed in the UK in acute care and long-term care setting. Blue Cedar is securing the app through their patented code-injected technology which protects the VitalPatch-collected data from the app to the provider database. The system with Blue Cedar’s security is available directly from MediBioSense.

VitalPatch is a single-use adhesive biosensor patch applied to the patient’s chest (see left above). It monitors eight vital signs and activity signs: heart rate, respiration, ECG, heart rate variability, temperature, body posture including fall detection/severity, and steps as an indicator of activity. MediBioSense contracted with the US-based developer, VitalConnect, to sell the system in the UK. VitalPatch is US FDA-cleared (Class II) and CE Marked for the EU.

One impetus, according to the release (PDF), is the GDPR (General Data Protection Regulation), the pan-European/UK data-protection law slated to take effect in May. This not only applies to European Union citizens’ personal data but also requires reports on how organizations safeguard that data. 

Blue Cedar, which this Editor has previously profiled [TTA 3 May 17], has developed code-injection technology that secures data from the app to the provider location on their servers or in the cloud. It secures the app without the device being managed. Devices have their own vulnerabilities when it comes to apps even when secured, as 84 percent of cyberattacks happen at the application layer (SAP). Blue Cedar’s security also enables tap-and-go from an icon versus multiple security entries, thus quick downloading from app stores or websites. For companies, the secured app provides granular analytic reports about users, app usage, devices, and operating systems which are useful for GDPR requirements.

Blue Cedar’s latest release of app security is Enforce, to secure existing mobile apps using in-app embedded controls to enforce a broad range of security policies. It is sold on the Microsoft Azure cloud platform and is primarily targeted to the value-added reseller (VAR) market. 

All the more reason to use all means to secure devices and apps. When as of last week Allscripts‘ EHR for e-prescribing was hit with a ransomware attack (FierceHealthcare), yet another hospital (Hancock Regional in Indianapolis) paid $5,000 to hackers to get back online (Digital Health), and Protenus/DataBreaches.net tracks a breach a day [TTA 29 Dec 17], cybersecurity has become Job #1 for anyone in the healthcare field. (And Big Healthcare now votes for security. Protenus today announced their $11 million Series B led by Kaiser Permanente Ventures and F-Prime Capital Partners. Release.)

Rounding up the roundups in health tech and digital health for 2017; looking forward to 2018’s Nitty-Gritty

December 29, 2017 | by | 2 Comments

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/12/Lasso.jpg” thumb_width=”100″ /]Our Editors will be lassoing our thoughts for what happened in 2017 and looking forward to 2018 in several articles. So let’s get started! Happy Trails!

2017’s digital health M&A is well-covered by Jonah Comstock’s Mobihealthnews overview. In this aggregation, the M&A trends to be seen are 1) merging of services that are rather alike (e.g. two diabetes app/education or telehealth/telemedicine providers) to buy market share, 2) services that complement each other by being similar but with strengths in different markets or broaden capabilities (Teladoc and Best Doctors, GlobalMed and TreatMD), 3) fill a gap in a portfolio (Philips‘ various acquisitions), or 4) payers trying yet again to cement themselves into digital health, which has had a checkered record indeed. This consolidation is to be expected in a fluid and relatively early stage environment.

In this roundup, we miss the telecom moves of prior years, most of which have misfired. WebMD, once an acquirer, once on the ropes, is being acquired into a fully corporate info provider structure with its pending acquisition by KKR’s Internet Brands, an information SaaS/web hoster in multiple verticals. This points to the commodification of healthcare information. 

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/12/canary-in-the-coal-mine.jpgw595.jpeg” thumb_width=”150″ /]Love that canary! We have a paradigm breaker in the pending CVS-Aetna merger into the very structure of how healthcare can be made more convenient, delivered, billed, and paid for–if it is approved and not challenged, which is a very real possibility. Over the next two years, if this works, look for supermarkets to get into the healthcare business. Payers, drug stores, and retailers have few places to go. The worldwide wild card: Walgreens Boots. Start with our article here and move to our previous articles linked at the end.

US telehealth and telemedicine’s march towards reimbursement and parity payment continues. See our article on the CCHP roundup and policy paper (for the most stalwart of wonks only). Another major change in the US is payment for more services under Medicare, issued in early November by the Centers for Medicare and Medicaid Services (CMS) in its Final Rule for the 2018 Medicare Physician Fee Schedule. This also increases payment to nearly $60 per month for remote patient monitoring, which will help struggling RPM providers. Not quite a stride, but less of a stumble for the Grizzled Survivors. MedCityNews

In the UK, our friends at The King’s Fund have rounded up their most popular content of 2017 here. Newer models of telehealth and telemedicine such as Babylon Health and PushDoctor continue to struggle to find a place in the national structure. (Babylon’s challenge to the CQC was dropped before Christmas at their cost of £11,000 in High Court costs.) Judging from our Tender Alerts, compared to the US, telecare integration into housing is far ahead for those most in need especially in support at home. Yet there are glaring disparities due to funding–witness the national scandal of NHS Kernow withdrawing telehealth from local residents earlier this year [TTA coverage here]. This Editor is pleased to report that as of 5 December, NHS Kernow’s Governing Body has approved plans to retain and reconfigure Telehealth services, working in partnership with the provider Cornwall Partnership NHS Foundation Trust (CFT). Their notice is here.

More UK roundups are available on Digital Health News: 2017 review, most read stories, and cybersecurity predictions for 2018. David Doherty’s compiled a group of the major international health tech events for 2018 over at 3G Doctor. Which reminds this Editor to tell him to list #MedMo18 November 29-30 in NYC and that he might want to consider updating the name to 5G Doctor to mark the transition over to 5G wireless service advancing in 2018.

Data breaches continue to be a worry. The Protenus/DataBreaches.net roundup for November continues the breach a day trend. The largest breach they detected was of over 16,000 patient records at the Hackensack Sleep and Pulmonary Center in New Jersey. The monthly total was almost 84,000 records, a low compared to the prior few months, but there may be some reporting shifting into December. Protenus blog, MedCityNews

And perhaps there’s a future for wearables, in the watch form. The Apple Watch’s disconnecting from the phone (and the slowness of older models) has led to companies like AliveCor’s KardiaBand EKG (ECG) providing add-ons to the watch. Apple is trying to develop its own non-invasive blood glucose monitor, with Alphabet’s (Google) Verily Study Watch in test having sensors that can collect data on heart rate, gait and skin temperature. More here from CNBC on Big Tech and healthcare, Apple’s wearables.

Telehealth saves lives, as an Australian nurse at an isolated Coral Bay clinic found out. He hooked himself up to the ECG machine and dialed into the Emergency Telehealth Service (ETS). With assistance from volunteers, he was able to medicate himself with clotbusters until the Royal Flying Doctor Service transferred him to a Perth hospital. Now if he had a KardiaBand….WAToday.com.au  Hat tip to Mike Clark

This Editor’s parting words for 2017 will be right down to the Real Nitty-Gritty, so read on!: (more…)

Hackermania meets The Dark Overlord with 2.3 million 2017 health data breaches

May 10, 2017 | by | 2 Comments
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]It’s a cage match! Reports are soaring, with a proliferation of data breaches year to date, after a relatively quiet period in 2016.

The Dark Overlord (TDO), in the mainstream news with dumping unseen Netflix program episodes on illegal file-sharing sites and demanding ransom (Guardian), also has been hard at work dumping PHI hacked from various clinics. DataBreaches.net tallied it at 180,000 records from at least nine medical clinics.

Health data security developer/provider Protenus, whose Breach Barometer tracks the numbers, counted 2.1 million breaches in 1st Quarter. March spiked with 700,000 coming from Commonwealth Health Corporation of Kentucky.

Our standby Privacy Rights Clearinghouse counted over 175,000 to date, but 160,000 came from MedCenter Health in Protenus’ total, so their net addition was 15,000. But PRC’s detail illustrates that ransomware is alive, well, and invading smaller healthcare organizations. Other reasons are unauthorized data server access, third-party vendors, email error, and theft.