Jul 25 2025

Healthcare Cybersecurity Updates: Ransomware, Vendor Risk & 7+ Million Exposed Records


As cyberattacks continue to surge across the healthcare sector, this week’s biggest headlines remind us of a sobering truth: no system is immune. 

From massive third-party breaches to sophisticated ransomware operations targeting hospitals, patient trust and operational continuity are on the line like never before.


Data Breach Alert: Drug Testing Provider Exposes Nearly 750,000 Personal Records

A major data breach at a workplace drug testing provider is sending shockwaves through the healthcare and employment sectors, exposing the personal data of nearly 750,000 individuals. Many of the victims underwent routine drug or alcohol testing for work-related purposes.

The incident, which occurred at The Alcohol & Drug Testing Service (TADTS), was discovered on July 9, 2024. Investigators have confirmed that attackers gained unauthorized access to the organization’s internal systems and stole sensitive data.

After months of digital forensics and review, TADTS recently completed its investigation with help from a third-party data analysis team. 

The findings? Alarming.

What Was Exposed

The stolen data includes an extensive range of personal identifiers, some of which are highly sensitive and regulated under HIPAA and other federal laws. 

Compromised data may include:

  • Full names and dates of birth
  • Social Security numbers and driver’s license numbers
  • Passport details and other government-issued IDs
  • Financial and credit card information
  • Health insurance data and biometric markers
  • Email addresses, passwords, and login credentials
  • Immigration-related ID numbers (e.g., USCIS or alien registration numbers)

While not every individual’s record contained all these elements, the breadth of exposed categories raises serious concerns about identity theft, medical fraud, and privacy violations, especially for those employed in safety-sensitive roles.

TADTS notified affected individuals via mailed letters and posted a breach notice on its website. The exposed information was reportedly collected during pre-employment or periodic drug and alcohol screenings.

Security Response and Aftermath

Following the breach, TADTS took a series of defensive measures:

  • Password resets across all systems
  • Enhanced monitoring and threat detection
  • Strengthened endpoint detection protocols
  • Notification of law enforcement and regulatory authorities

However, TADTS will not be offering free credit monitoring or identity protection services, a move that has sparked criticism, given the scale and sensitivity of the breach.

Who Was Behind the Attack?

While TADTS did not publicly confirm the type of cyberattack, the BianLian ransomware group claimed responsibility on July 14. The group alleges it stole around 218 gigabytes of data. 

At the time of writing, it’s unclear whether this data has been published, as BianLian’s leak site on the dark web remains offline.

Why This Matters for Healthcare Providers

This breach underscores a critical truth for healthcare organizations: third-party vendors are often the weakest link in your cybersecurity chain. Many healthcare providers refer patients or employees to external labs and testing services. If those vendors fail to secure sensitive data, your institution may still face the fallout: reputational damage, patient mistrust, or even regulatory scrutiny.

What You Should Do Now

  • Review your vendor contracts and data-sharing agreements.
  • Audit third-party cybersecurity practices and certifications.
  • Limit the volume of data shared externally whenever possible.
  • Educate employees on how to verify the legitimacy of data requests.

5.4 Million Affected in Episource Cyberattack: What It Means for Healthcare Organizations

In one of the most significant healthcare data breaches of 2025, medical billing provider Episource has confirmed a security incident that compromised the private and medical information of roughly 5.4 million individuals. 

The breach was recently disclosed through filings with the U.S. Department of Health and Human Services, as well as regulatory agencies in California and Vermont.

Episource, a key partner to hospitals, physician networks, and insurance companies, provides risk adjustment and medical coding services across the U.S. 

According to the disclosure, threat actors gained access to Episource’s systems and exfiltrated data during a week-long cyber intrusion that ended on February 6, 2025. The company reported that attackers were able to view and steal sensitive files containing a broad range of personal and health information.

The stolen data includes:

  • Names, contact information, and demographic details
  • Health insurance plan names and policy numbers
  • Medical record identifiers and provider names
  • Information on diagnoses, lab results, prescriptions, imaging, and treatments

Though Episource has not confirmed the type of attack, a notice from Sharp HealthCare, one of its affected partners, indicated that the breach stemmed from a ransomware incident.

This breach adds to growing cybersecurity concerns tied to the UnitedHealth ecosystem, which earlier this year saw its subsidiary Change Healthcare hit by a devastating ransomware attack. That incident compromised the data of over 190 million Americans, making it the largest breach in U.S. healthcare history.

The breach highlights the growing vulnerabilities in third-party billing and coding platforms. Sensitive data in the wrong hands poses risks to individual patients and the trust and integrity of healthcare systems.


Radiology Associates of Richmond Breach: 1.4 Million Patients Affected

Another major healthcare organization has suffered a serious data breach, and this one hits particularly close to the legal and compliance concerns many of your clients face.

Radiology Associates of Richmond (RAR), a Virginia-based imaging provider with more than a century of continuous service, has disclosed a cybersecurity incident that exposed sensitive data belonging to over 1.4 million individuals.

The intrusion took place between April 2 and April 6, 2024, but it wasn’t until May 2, 2025, that investigators confirmed protected health and personal data had indeed been compromised. 

The breach affected systems containing names, health records, and in some cases, Social Security numbers.

According to the company’s public disclosure, threat actors gained unauthorized access to RAR’s network. While the full scope is still being assessed, the affected systems contained identifiable Protected Health Information (PHI), a critical category under HIPAA that includes medical imaging data, diagnostic history, treatment details, and more.

Legal & Compliance Considerations

RAR engaged outside cybersecurity experts to secure its systems and launched a formal notification process beginning July 1, 2025. 

Although there is no current evidence of misuse, the organization is offering credit monitoring to impacted individuals whose SSNs were exposed. The fact that RAR took over a year to fully assess the breach timeline highlights the complexity of digital forensics and the legal risks of delayed discovery.

Breaches like this reinforce the need for healthcare organizations to:

  • Review their data handling and access controls.
  • Conduct regular third-party risk assessments.
  • Prepare for breach reporting and potential litigation.

Interlock Ransomware Poses Risk to Healthcare Sector and Critical Infrastructure

Healthcare organizations are once again in the crosshairs. In a joint alert, the FBI, CISA, HHS, and MS-ISAC have warned that a ransomware group known as Interlock is actively targeting critical infrastructure and healthcare organizations across North America and Europe.

Since September 2024, Interlock has launched highly targeted campaigns designed to disrupt operations, steal sensitive data, and encrypt virtual machines, including those critical to medical and administrative workflows.

Hospitals and clinics running Windows and Linux systems are both at risk, as the ransomware is capable of attacking virtual environments and compromising patient records, lab systems, and financial data.

How Interlock Gains Access

The group uses drive-by downloads and social engineering to breach networks:

  • Initially, they hijack legitimate websites and trick users through a tactic called ClickFix, which urges staff to click on fake “browser fixes.”
  • More recent versions use FileFix lures, another ploy to install malware.
  • They’ve also deployed fake Google Chrome and Microsoft Edge updates to install malicious code.

Once inside:

  • They establish persistence by dropping malware into Windows Startup folders or modifying registry keys via PowerShell.
  • Tools like Lumma Stealer and Berserk Stealer are used to harvest credentials, including those with access to electronic health records (EHR) and billing systems.
  • Keyloggers silently monitor everything your staff types.

For deeper infiltration:

  • The attackers move laterally using remote desktop tools and stolen credentials.
  • They deploy legitimate apps like AnyDesk and PuTTY to hide malicious activity.
  • Once inside, they often compromise domain administrator accounts, giving them full control.

In some cases, they’ve accessed Microsoft Azure Storage and used tools like WinSCP to move files to external servers before launching encryption attacks that lock down virtual machines, often disrupting care delivery.
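The persistence and exfiltration behaviours summarized above (autostart entries written by PowerShell, droppers placed in Startup folders, and bulk transfers to external servers with legitimate tools such as WinSCP) are all visible in ordinary endpoint telemetry. The script below is an added example written for this page, not code from the joint advisory or from any vendor: it runs three simple detection rules over a handful of constructed, Sysmon-style event records. The field names, the internal address ranges and the 500 MiB transfer threshold are assumptions a defender would tune to their own environment.

```python
"""Added example: triage constructed endpoint events for the persistence and
exfiltration patterns described above. Illustrative code only; the event
layout, sample records and thresholds are constructed for this example."""

import ipaddress
import re
from typing import Dict, List

# Autostart locations that registry-based or Startup-folder persistence touches.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Script hosts that should rarely be writing autostart keys on a clinical workstation.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Legitimate transfer tools; only destination and volume make their use suspicious.
TRANSFER_TOOLS = {"winscp.exe"}
EXFIL_BYTES_THRESHOLD = 500 * 1024 * 1024  # assumed tuning value, 500 MiB

# Assumed organisational address space; anything outside it counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events (simplified Sysmon-like records, not real telemetry).
SAMPLE_EVENTS: List[Dict] = [
    {"event": "registry_set",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event": "file_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\chrome_update.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"event": "network_connect", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "dest_ip": "203.0.113.7", "dest_port": 22, "bytes_out": 4_200_000_000},
    {"event": "network_connect", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "dest_ip": "10.20.30.40", "dest_port": 22, "bytes_out": 120_000},  # routine internal copy
    {"event": "registry_set", "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKLM\Software\Vendor\Config\Path"},  # ordinary installer write, not autostart
]


def _basename(image: str) -> str:
    """Lower-cased file name of a process image path (Windows or POSIX separators)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_external(ip: str) -> bool:
    """True when the destination lies outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def triage(events: List[Dict]) -> List[Dict[str, str]]:
    """Return one finding per event that matches a persistence or exfiltration rule."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        kind = ev.get("event")
        proc = _basename(ev.get("image", ""))
        target = ev.get("target", "")
        if kind == "registry_set" and proc in SCRIPT_HOSTS and RUN_KEY_RE.search(target):
            findings.append({"rule": "run_key_via_script_host", "process": proc, "detail": target})
        elif kind == "file_create" and STARTUP_DIR_RE.search(target):
            findings.append({"rule": "startup_folder_drop", "process": proc, "detail": target})
        elif kind == "network_connect" and proc in TRANSFER_TOOLS:
            if _is_external(ev["dest_ip"]) and ev.get("bytes_out", 0) >= EXFIL_BYTES_THRESHOLD:
                detail = f"{ev['bytes_out']} bytes to {ev['dest_ip']}:{ev['dest_port']}"
                findings.append({"rule": "bulk_transfer_external", "process": proc, "detail": detail})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding['rule']}] {finding['process']}: {finding['detail']}")
```

Run against the constructed records, the script flags the PowerShell Run-key write, the Startup-folder drop and the multi-gigabyte WinSCP transfer to an external host, while the small internal WinSCP copy and the vendor installer's registry write pass silently. The point of the rules is that none of the flagged tools is malicious on its own; it is the combination of who is writing autostart entries, where files land, and how much data leaves the network that separates routine administration from an intrusion in progress.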

What You Should Do Now

Healthcare providers are urged to:

  • Patch all systems, especially those exposed to the internet.
  • Train staff to recognize fake browser updates and suspicious download prompts.
  • Monitor for unusual file transfer activity, especially to cloud storage.
  • Segment networks to reduce ransomware spread.
  • Review incident response plans with ransomware in mind.

With HIPAA penalties, patient safety risks, and operational shutdowns all on the line, proactive defense is more critical than ever.


The headlines in this issue are more than cautionary tales. They’re urgent reminders to reevaluate your cybersecurity posture, vendor relationships, and incident response readiness. 

In healthcare, digital resilience is a frontline defense for your patients and your practice.

Review your third-party security posture, perform a cybersecurity assessment, and implement incident response protocols today. Don’t wait until it’s your organization in the headlines.

If you found this newsletter helpful, don’t forget to share it with your colleagues.

Best regards,

The Infoguard Cybersecurity Team

Written by kamran · Categorized: Uncategorized
