hiveleak attacks Behavioral Health System

Incident Date: Jul 14, 2022

Attack Overview

VICTIM

Behavioral Health System

INDUSTRY

Healthcare Services

LOCATION

USA

ATTACKER

Hiveleak

FIRST REPORTED

July 14, 2022

Request Removal

Behavioral Health System Targeted by Hiveleak Ransomware Group

Company Overview

Behavioral Health System, a healthcare provider based in Maryland, offers a comprehensive suite of services aimed at supporting mental health. These services include psychotherapy, medication management, and psychiatric evaluations, catering to individuals seeking mental health support.

Impact of the Attack

The ransomware attack orchestrated by the Hiveleak group has led to the encryption of vital electronic health records and company files, compromising the data integrity of over 14,000 individuals. This disruption has severely impacted patients, restricting access to their medical records, which is crucial for making informed health decisions.

Vulnerabilities and Mitigation

This incident brings to light the escalating threat of ransomware attacks within the healthcare sector. In response, the Office for Civil Rights (OCR) advises all covered entities to reassess vendor relationships, adopt multi-factor authentication, and conduct regular audits of information system activities to bolster cybersecurity defenses.

Following the attack, the HHS Office for Civil Rights (OCR) concluded a ransomware investigation with Behavioral Health System. The settlement required the healthcare provider to pay $40,000 and undertake corrective measures to rectify potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is notable as it represents only the second instance of such an agreement following a ransomware attack investigation by OCR.

The ransomware attack on Behavioral Health System emphasizes the critical need for stringent cybersecurity protocols in the healthcare industry. With ransomware groups increasingly targeting healthcare providers, it is imperative for these organizations to elevate their cybersecurity posture and adhere to best practices to safeguard sensitive patient information.

Sources

Behavioral Health System website
CBS News: Change Healthcare Cyberattack
HIPAA Journal: Ransomware Attack on Texas Mental Health Service Provider
Healthcare Dive: HHS reaches second-ever ransomware settlement
HHS: HHS' Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack
Health IT Security: HHS Settles Ransomware Investigation with Behavioral Health Provider

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.