Seattle-based Proliance Surgeons, a major surgical group with about 100 locations, is notifying nearly 437,400 individuals about a ransomware and data theft incident. The breach, part of a concerning trend in the healthcare sector for 2023, impacted IT systems, with encrypted files and unauthorized access leading to the removal of a limited number of files. Proliance launched an investigation, engaged law enforcement, and began notifying affected individuals. Sensitive data, including names, birthdates, social security numbers, medical details, and financial information, was potentially compromised. The surgical practice faces a class-action lawsuit alleging negligence in safeguarding health and personal data.
This incident adds to a disturbing pattern in the healthcare sector, where hacking incidents accounted for 80% of major health data breaches in 2023. These incidents, involving ransomware attacks, data exfiltration, and exploitation of software vulnerabilities, showcase the increasing sophistication of cyber threats. The CEO of security firm Dasera notes that the healthcare sector’s reliance on digital solutions and interconnected systems makes it vulnerable. The Proliance breach, featuring both data encryption and exfiltration, exemplifies the severity of such attacks.
Predictions suggest that major breaches caused by ransomware attacks and software vulnerabilities will persist in the healthcare sector into 2024. To mitigate these risks, experts recommend adopting a robust, multilayered security strategy, including regular assessments, employee training, data encryption, software patching, backups, and well-rehearsed incident response plans.