A Seattle-based surgical group, Proliance Surgeons, notified approximately 437,400 individuals of a ransomware attack and data theft incident earlier this year, marking a concerning trend in the healthcare sector for 2023.
The specialty medical group, managing around 100 locations in Washington state and catering to over 800,000 patients annually, disclosed the hacking incident involving a network server to the U.S. Department of Health and Human Services on Nov. 20.
Proliance detailed that the cyberattack encrypted some IT systems and files while also permitting unauthorized access that led to the removal of “a limited number” of files. Upon conducting a thorough investigation with third-party cybersecurity experts, the practice uncovered potential unauthorized access to additional files containing personal information around Feb. 11.
The compromised data encompassed individual names, birthdates, Social Security numbers, medical treatment details, health insurance information, contact information, financial account numbers, identification information, and login credentials.
In response, Proliance Surgeons is reinforcing its cybersecurity protocols and implementing additional security measures. However, the practice faces legal action, including a proposed class action lawsuit filed in Seattle federal court by plaintiff Alicia Berend, alleging negligence in safeguarding sensitive health and personal data.
The lawsuit also references a prior breach incident involving Proliance’s online payment system between November 2019 and June 2020, although it did not involve protected health information.
This breach reflects a broader trend in the healthcare sector, with hacking incidents accounting for 80% of the major health data breaches reported in 2023. Ransomware attacks, software vulnerabilities, phishing, and data exfiltration contribute significantly to these breaches, showcasing the evolving and sophisticated nature of cyber threats.
Security experts emphasize the healthcare industry’s vulnerability to cyberattacks due to its reliance on digital solutions and interconnected systems. Recommendations for a robust security strategy include vulnerability assessments, employee training, data encryption, software patching, backups, and a well-prepared incident response plan.
While the challenges with data breaches in the healthcare sector are significant, experts believe they can be mitigated with a comprehensive and proactive security approach.