Multiple U.S. health care entities report being victimized in recent cyberattacks that may have compromised thousands of customers’ data.
Georgia-based Artivion and Ciox Health and Maryland-based Amergis have reported data breaches since last month. The intrusions involving Ciox and Amergis affected more than 21,000 people. The most recent attack targeted Artivion, a manufacturer and distributor of medical devices.
Although the company continues to provide services to customers, the data breach “has caused disruptions to some order and shipping processes, as well as to certain corporate operations, which have largely been mitigated,” the company stated.
Artivion said it expects to incur certain costs related to the incident that won’t be covered by insurance.
The data breach poses various risks, such as delays in restoring full operations, that could have a “material impact” on the company in the future, Artivion said, without providing further details.
In a filing with the Maine attorney general, Ciox revealed that 10,639 customers were affected, with names and other personal identifiers potentially stolen. The company is providing 24 months of credit monitoring and identity theft protection services to individuals affected by the breach.
Targeting Health Care Sector
Attacks involving ransomware against health care organizations continue to rise globally, according to an annual review from IT services company Barracuda.Ransomware is a type of malware that hackers use to encrypt files on a device or network. As a result, the data owner is unable to use these files and is forced to pay the hackers to decrypt them.
The firm’s researchers investigated 200 breach incidents reported between August 2023 and July 2024, finding that “over one in five attacks (21 percent) hit healthcare in 2023/24, up from 18 percent a year ago.”
“Some of these made global headlines, with operations postponed and long-term treatment plans disrupted,” the review stated.
The average number of weekly attacks per entity in the sector was 2,018 between January and September, up by almost one-third from last year.
In February, a data breach at UnitedHealthcare’s Change Healthcare unit resulted in the data of roughly 100 million Americans being compromised. This was the biggest health care data breach incident ever reported in the United States.
Compromised information was estimated to include names, phone numbers, medical record numbers, health insurance details, diagnoses, financial and banking information, and a host of other crucial data.
The bill would require the Department of Health and Human Services to develop a cybersecurity incident response plan. It seeks to offer grants to health care organizations to boost their response to cyber intrusions. The entities would be provided with training related to cybersecurity best practices.
Sen. Bill Cassidy (R-La.), a bill co-sponsor, said it would safeguard the health data of American citizens against cyberattacks. Such incidents not only compromise data “but can delay life-saving care,” he said.
Sen. Maggie Hassan (D-N.H.), another co-sponsor, said, “Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs—and it can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks.”
