Cybercriminals Target Medical Specialty Practices in Recent Hacks
In a concerning trend, cybercriminals continue to exploit vulnerabilities within medical specialty practices in the United States, with two notable instances in recent weeks. An Illinois-based gastroenterology practice and a pulmonary practice in California were targeted, with attackers alleging they have accessed sensitive health information belonging to patients.
The incidents involve Rockford Gastroenterology Associates from Rockford, Illinois, which employs around 148 staff members, and Pacific Pulmonary Medical Group, located in Riverside, California. Both practices focus on specialized medical fields—digestive health and respiratory disorders, respectively. These breaches are part of a surge in similar attacks that have plagued specialty medical practices throughout 2024.
Jaime Cifuentes, Director of Consulting Services at privacy and security firm Clearwater, highlighted the alarming statistic that 46% of ransomware incidents reported between August and October of this year were aimed at such organizations. The inherent value of medical records, coupled with smaller practices’ often limited cybersecurity measures, makes them particularly appealing targets for cybercriminals.
Rockford Gastroenterology Associates disclosed that it fell victim to a hacking incident on October 30, involving a cyberattack that occurred in December 2023. The breach affected a network server, potentially compromising data related to over 147,000 patients. This incident was recently included in the U.S. Department of Health and Human Services’ public repository of major breaches. Moreover, an adversarial ransomware group known as RA Group claimed responsibility, reportedly leaking around 56 gigabytes of patient data after the practice declined to pay a ransom.
Although Rockford’s electronic health records system remained secure, unauthorized access was confirmed to unstructured data within its network. The practice stated that it contained the breach before any ransomware could encrypt its systems and disrupted operations. Following the breach, Rockford assured stakeholders that measures were being implemented to prevent similar incidents, such as enhancing its security operations center and upgrading encryption protocols.
Meanwhile, the Pacific Pulmonary Medical Group also fell victim to a recent cyberattack, with its information appearing on the dark web under the Everest ransomware group’s data leak site. Reports indicate that the compromised data included personal patient information ranging from insurance details to identifiable documents created between 2021 and 2024. Notably, this practice has yet to officially disclose the breach to regulators or the public.
The frequency of these attacks underscores a broader issue within the healthcare sector, particularly in smaller medical specialty practices. Experts point out that many of these practices lack adequate cybersecurity resources and expertise, making them susceptible to attacks that often begin with phishing incidents or social engineering tactics, as outlined in the MITRE ATT&CK framework. Tactics such as initial access, credential dumping, and data exfiltration are likely employed by adversaries during these incidents.
In summary, cybercriminals are increasingly focusing on specialized medical groups, leveraging their lack of defenses against sophisticated tactics. The ongoing mergers and acquisitions in the healthcare sector may also create vulnerabilities, as new practices integrate disparate systems that lack foundational security controls. As threats to healthcare organizations escalate, the need for robust cybersecurity measures and employee training becomes imperative to safeguard sensitive patient data and maintain operational integrity.
