2 Vendors Among BlackCat's Alleged Recent Ransomware Victims
Group Lists EHR Provider, Pharmaceutical Services Firm on Leak Site
An electronic health records vendor and a pharmacy management services firm are purportedly among the latest healthcare sector victims of ransomware-as-a-service group BlackCat, also known as Alphv.
Irvine, California-based NextGen Healthcare, which offers cloud-based EHRs, and Blanco, Texas-based PharmaCare Services, a provider of pharmacy management and consulting services, appeared on BlackCat's leak site late last week.
The site still lists PharmaCare as a victim but took down its NextGen listing for unknown reasons. The reclusive author behind DataBreaches.net wrote that BlackCat had removed its listing shortly after she confronted a spokesperson of the ransomware-as-a-service group with a statement from NextGen that it has not seen evidence of a data breach.
NextGen in a statement to Information Security Media Group confirmed it is investigating a recent data security incident but would not comment specifically on BlackCat's alleged involvement.
"NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate," a NextGen spokesperson told ISMG.
"We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client or patient data," the spokesperson also said.
PharmaCare did not immediately respond to ISMG's request for comment on it being listed on the BlackCat leak site.
Prior Warning
The alleged BlackCat incidents come on the heels of a recent U.S. Department of Health and Human Services warning to the healthcare sector about threats involving the cybercrime group (see: BlackCat, Royal Among Most Worrisome Threats to Healthcare).
BlackCat claims its affiliates avoid attacking state medical institutions, ambulance companies and hospitals but says pharmaceutical companies, insurers, private clinics and similar entities are fair game.
The purported BlackCat incidents involving NextGen and PharmaCare appear to fit the group's self-proclaimed interest in targeting entities on the periphery of mainstream healthcare delivery. But even these incidents can have far-reaching spillover effects on other healthcare sector entities.
"It's not only attacks on healthcare providers that have the potential to disrupt patient care and put protected health information at risk. It's also attacks on vendors," says Brett Callow, threat analyst at security firm Emsisoft.
Ransomware and other hacking incidents involving third-party vendors were the crux of many of the largest health data breaches reported to federal regulators in 2022.
Business associates last year were at the center of about 250 major health data breaches affecting 24.1 million individuals, according to the HHS' Office for Civil Rights' HIPAA Breach Reporting Tool website (see: Analysis: Third-Party Health Data Breaches Dominated in 2022).
They include a hacking incident involving another cloud-based EHR vendor, Eye Care Leaders. That incident affected dozens of the company's ophthalmology and other vision care provider clients, and more than 3 million of its patients.