Imagine360, a Pennsylvania-based provider of self-funded health plans for employers, recently suffered two cyberattacks on their filing sharing platform.
What happened
Imagine360 has suffered two cyberattacks this year alone. The Pennsylvania health plan company faced both attacks in January but only recently finished reviewing the affected files in June.
The first attack involved Citrix, a file-sharing platform that serves approximately 100 million users. It was estimated to have occurred between January 28th and January 30th.
The other attack occurred at or around the same time in another file-sharing platform, Fortra's GoAnywhere Transfer solution. Paubox had previously reported on the Fortra attack, which affected up to 1 million patients during a zero-day vulnerability. A Russia-linked ransomware group, Cl0p, took credit for the attack and stated that they had breached more than 130 organizations through GoAnywhere.
Imagine360 discovered the attack on January 30th, and through an investigation that lasted until June 1st, they found that stolen information included names, medical information, health insurance information, and social security numbers.
Related: Zero-day attack affects PHI for up to 1 million patients
Why it matters
Imagine360 estimates that the attack affected 112,611 individuals.
While it's unclear how many individuals the Citrix breach affected, the Fortra breach affected up to 1 million individuals, including Imagine360 and many other organizations.
While Imagine360's investigation has concluded, the law firm of Federman & Sherwood has initiated its own investigation and is asking potentially affected individuals to come forward.
Data breaches such as this are becoming increasingly common as ransomware groups like Cl0p, BianLian, and others improve their capabilities to hack into healthcare systems.
The situation can be dire for hospitals - at times, it delays critical functions or prevents appointments from being conducted.
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Work Group has released a new guidance to ensure that hospitals and organizations are able to continue running even when faced with a breach or ransomware attack.
Read more: HSCC Cybersecurity Working Group releases new incident response template
What was said
In their notice to affected individuals, Imagine360 said they took immediate steps upon discovering unusual activity. They stated, "Imagine360 terminated access to the platform, reset passwords, and confirmed the security of its environment since the platform is externally hosted outside of the Imagine360 environment."
They did not immediately discover the Fortra breach but were notified by the organization on February 3rd. Upon discovering the breach, Imagine360 conducted another investigation and notified state and federal regulators.
Imagine360 also said they had "suspended use of Fortra's platform and implemented additional safeguards to our existing policies, processes, and security measures."
The bottom line
Imagine360 hasn't offered any credit monitoring or identity theft protection, but they advise individuals to review their account statements and monitor their credit.
As attacks continue, organizations must stay diligent in securing their data and files to protect personal health information and more from being unfairly used.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
