News roundup: Hacks, ransomware of medical records, security cameras spike; Withings launches new mobile-direct devices; Bluestream Health adds Leon Medical (FL) to telehealth

In recent weeks, hackermania has been romping in healthcare. A compilation of incidents revealed just in the past few weeks have affected hundreds of thousands of patients, employees, and providers:

  • Security cameras produced by Verkada, Inc. were hacked across the US, including at Tesla. Healthcare organizations affected by the hack were Daytona Beach, Fla.-based Halifax Health, where the video showed “what appeared to be eight staffers tackling a man and pinning him to a bed.” Texarkana, Texas-based Wadley Regional Medical Center and Tempe (Ariz.) St. Luke’s Hospital were also hacked. The means in was described by one of the hackers (appropriately female for this month) as through a “super admin” account where the username and password appeared online. Becker’s Health IT 10 March, Bloomberg News
  • 210,000 MultiCare patients, providers, and employees of Tacoma, Wash.-based MultiCare had personal information exposed in a December ransomware attack on their medical practice management company’s IT services vendor. Becker’s Health IT 9 March
  • A clinic in North Carolina had a six-day ransomware attack starting 23 February. Hackers demanded a $1.75 million payment in exchange for giving back the clinic access to its data. The clinic came back online 1 March but did not disclose any payment. Becker’s Health IT 5 March
  • NBC News revealed that hackers stole employee files from Gallup, New Mexico-based Rehoboth McKinley Christian Health Care Services after a ransomware attack on its computer network in February. Those employee files were posted online; information included employee job applications and background check authorizations with Social Security numbers. Earlier attacks by the same hacker group included Leon Medical Centers of Miami-Dade Florida (see following) and Nocona (Texas) General Hospital resulted in the online publishing of tens of thousands of patient records. Becker’s Health IT 4 March
  • Hackers attacked biochemical machines used to prepare samples in Oxford University’s Division of Structural Biology. Forbes received the information from Hold Security chief technology officer Alex Holden, who provided screenshots of the hackers’ access to Oxford University systems, and notified the university.
  • The cutely-named DopplePaymer attacked a county government office in Chatham County, North Carolina, and stole residents’ PHI and PII between November 2020 and this past January. Becker’s 10 Feb 
  • And on the ‘Someone Got Fired For This One’ list is the response to hacking at Boise, Idaho’s Saint Alphonsus Health System. The health system had a data breach in January. Patients were routinely notified. However, the mail merge, not the hack, created an incorrect status for some patients, sending them letters as if they were deceased or a minor. Becker’s Health IT 10 March

It’s cold comfort when the US Department of Justice announces that they are indicting three North Korean hackers who inflicted the WannaCry malware and $1.3 bn in extortion damage on the world back in 2018. All three were members of North Korea’s intelligence agency, the Reconnaissance General Bureau (RGB). The likelihood of their extradition is one word: none.

And in other news….

Withings unveils new professional devices. The Body Pro smart scale and BPM Connect Pro, distributed to doctors, out of the box will transmit health data directly from patient to doctor. Neither require Wi-Fi nor a mobile phone, since they have embedded SIM cellular cards to directly connect to a mobile network. They are both sold through Withings’ professional division. FierceHealthcare

Telehealth provider Bluestream Health has added Leon Medical Centers, a seven-location Miami-Dade FL provider. Bluestream Health provides whitelabeled secure telehealth services that combine with medical workflows to approximately 50,000 providers in 500 facilities. Release.