2023 Ransomware Attacks on 141 Hospitals including Parathon by JDA eHealth Systems

by

Parathon by JDA eHealth Systems Reports a Cyberattack

A revenue cycle management firm, Parathon by JDA eHealth Systems located in Naperville, Illinois, recently sent a notification to the state attorneys general that it encountered a cyberattack last July 27, 2023. In December 22, 2023, it notified the Montana Attorney General that unauthorized persons got access to the protected health information (PHI) of patients of its customers. The types of data affected differed from one person to another and might have included names together with one or more of these information: address, birth date, and/or PHI, such as but not confined to diagnosis, claims details, and medical insurance data.

The notification did not say if there was file encryption involved, however, Parathon stated the attacker stole data and demanded a ransom payment. Parathon has done everything possible to mitigate the compromise of personal data and associated identity theft. The Akira threat group said it is responsible for the attack and included Parathan on its data leak website. However, the listing has been deleted, which indicates the payment of the ransom. Akira stated it stole 560GB of information.

Parathon stated in its breach notification letters that it is dedicated to protecting the privacy and security of the personal data of its clients. Extra safety measures were put in place, security procedures were improved to better secure the information in its servers, and Parathon has evaluated its guidelines and procedures associated with data protection. Parathon stated it did not find any proof that indicated the misuse of any stolen information. However, as a safety measure, it has given three free services to the impacted persons: single bureau credit monitoring, single bureau credit score, and single bureau credit report through Cyberscout.

It is uncertain how many customers were impacted, though it was confirmed that NorthShore University Health System was affected. State attorneys general were informed, but the incident hasn’t yet shown up on the HHS’ Office for Civil Rights breach portal.

A Minimum of 141 Hospitals Impacted by Ransomware Attacks in 2023

2023 was a notably bad year in terms of ransomware attacks. As per the research of the cybersecurity company Emsisoft, 46 hospital systems encountered ransomware attacks in 2023, there were only 25 in 2022 and 27 in 2021. In the 46 attacks, about 141 hospitals were directly impacted and encountered problems because of the inability to access IT systems and patient information.

It is hard to make an accurate report on ransomware attacks in the healthcare industry, because a lot of victims do not make known if ransomware was involved. The breach notification letters sent to the impacted persons and state Attorneys General frequently refer to ransomware attacks as unauthorized access, cyberattacks, hacking incidents, encryption events, or security incidents, and therefore, the number of reported attacks in the industry will be considerably understated. The State of Ransomware in the U.S.: Report and Statistics 2023 by Emsisoft shows that 2,207 U.S. hospitals, governments, and schools were directly affected by ransomware in 2023 and a lot of others were indirectly affected through attacks on their suppliers.

With no access to patient data and IT systems, hospitals tend to be compelled to put redirect their emergency department operations, sending ambulances to nearby healthcare establishments. Other hospitals in the area are put under greater stress because of the increased number of patients, and the resource limitations brought on by the influx of patients has an adverse effect on time-sensitive ailments for example acute stroke.

The breakdowns due to these attacks meant that booked appointments usually should be canceled and rebooked and bottlenecks happen with laboratory testing and radiology, causing slowdowns to diagnosis and treatment, extended patient stays, a delay in patient throughput, and the interruption inevitably leads to not as good patient results. Although there were no reported fatalities in the U.S. due to ransomware attacks, studies have revealed that right after a ransomware attack, medical problems and mortality rates increase. One research performed by McGlave, Neprash, and Nikpay of the University of Minnesota School of Public Health, discovered that in-hospital patient mortality during the time of a ransomware attack went up. The attacks likewise prompted a 17%-25% decrease in hospital volume during the preliminary attack week, and they approximated that from 2016 to 2021, ransomware attacks killed from 42 to 67 Medicare patients.

These attacks normally have a considerable financial effect. Based on the Verizon Cost of a Data Breach Report, the average healthcare data breach cost went up to its highest ever amount in 2023, being $11 million on average, which is 53% higher than in 2020. Emsisoft stated that 32 of the 46 cyberattacks on health systems ended in the theft of sensitive information, including PHI.

In 2023, the average ransom payment grew by 29,900% to around $1.5 million. The higher income from ransomware attacks make it possible for ransomware groups to increase their campaigns, pay preliminary access brokers, and buy zero-days, meaning a lot more attacks will be executed. Less victims are paying ransoms meaning ransom demands must increase to replace the deficiency. Certain ransomware groups have additionally begun using more aggressive strategies, like getting in touch with patients and asking for ransom payments. Several attacks on plastic surgery facilities have led to the public posting of intimate images and telling patients to pay to remove those photos online. One group called patients and threatened them with the exposure of their sensitive information and asked patients to pay $50 to remove their information.

A lot of ransomware groups work in nations that ignore the attacks, and several nation-states are believed to use proxy ransomware groups. Although international law enforcement operations have succeeded in disrupting a few ransomware groups, the individuals concerned are seldom punished. With a lot of money involved and a little chance of being captured, attacks will likely continue to increase. The solution recommended by Emsisoft and other experts is straightforward. Because ransomware attacks are executed by financially driven threat actors, the best way to deal with the problem is to make the attacks unprofitable. Governments must consequently prohibit ransom payments and stop this very profitable income stream.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone