Healthcare Lacks Immunity as it Tops the Cybercrime Hit List in May 2021

Healthcare claimed three of the top six major third-party data breaches from May 2021, making last month especially active in terms of healthcare-related data breaches. With no tolerance for downtime, the industry is a particularly juicy target for ransomware. Incurring the highest average cost of a breach at $7.13 million, these attacks certainly come with a hefty price tag.

1. Patients of Trinity Health, Massena Hospital and Hope Health become the latest victims of the CaptureRX breach

The total number of patients impacted by the CaptureRX data leak continues to grow, now reaching over 1.6 million since February. Comparable to the Accellion FTA compromise, this is panning out to be one of the most significant cyber attacks against the healthcare sector the world has seen to date.

Both the large quantity of sensitive medical data and the inability to avoid downtime make healthcare networks a prime target. It may seem a bit paradoxical, but the defense techniques for ransomware are not very difficult. Disabling critical ports, employee protection, effective patch management and continuous third-party monitoring are some of the steps in avoiding a ransomware attack.

2. A ransomware attack on MedNetworx led to EHR system outages

Medical practitioners were unable to access health record systems for weeks after a ransomware attack against MedNetworx. This has an impact on medical practices, clinics and hospitals of all sizes, from individual practitioners to conglomerates relying on MedNetworx to host the CompuGroup eMDs vendor electronic registration systems.

Being an EHR vendor to many healthcare organizations, MedNetworx indicated it had encountered a network failure on April 22, resulting in its servers and other IT systems being temporarily disabled. The Alpine Center for Diabetes, Endocrinology and Metabolism, and the Arthritis & Osteoporosis Center in Kentucky, were identified as two large clients affected by the outage.

3. Two more healthcare systems were affected by the NetGain breach

Initially disclosed in December 2020, the ripple effects of the NetGain supply-chain attack continue to unfold. SAC Health Systems and San Diego Family Care (SDFC) have been added to the list of healthcare institutions affected by the breach. Mainly affecting governments and healthcare providers, the ransomware attack touched hundreds of thousands of individuals whose personal information was compromised.

It is usual for ransomware groups to take data before encrypting it in order to extort the victim into paying the ransom. Ransomware gangs favor managed service providers such as NetGain because they can spread the damage further down the line and impact several organizations, allowing them to demand a greater ransom.

Although months have passed since the vendor was struck, its RSI™ is still quite high on the Black Kite platform, nearly reaching the critical threshold. The vendor still has possible vulnerabilities due to out-of-date systems, scoring an F in patch management and showing misconfigurations in email security, DDoS resiliency and SSL/TLS strength.

Read more about the current state of cybersecurity across healthcare supply chains in our latest Ransomware Risk Pulse. Download now →

Healthcare is not the only industry at the top of the hit list, and it’s no surprise why nearly three-quarters (72%) of cybersecurity professionals are concerned about supply chain risks to their organization. Not only do these breach developments negatively impact the targeted organizations themselves, they create ripple effects across the supply chain.

4. Lack of security education led to a breach that impacted 72,000 Pennsylvanians

We have witnessed numerous breaches stemming from contact-tracing applications since the onset of the pandemic. According to the U.S. Department of Health, Pennsylvanians are the latest victims of such a breach. The breach stemmed from software vendor Insights Global, whose employees shared information through unauthorized Google accounts.

Although the state’s contract with Insights Global did not expire until July 31, the contract has been terminated and contact tracing has been passed on to the National Guard. Regulations and growth in cybersecurity frameworks clearly indicate how critical due diligence is when vetting and engaging with third parties.

5. Another development in the CodeCov breach that surfaced in mid-April

New victims have surfaced from the CodeCov breach that made headlines the month prior. Joining The Washington Post and Procter & Gamble on the list, Monday.com, Rapid7 and Mercari claimed hackers gained access to their systems through the popular software vendor.

According to a statement made by cybersecurity company Rapid7, the accessed repositories included internal credentials for a subset of their Managed Detection and Response (MDR) customers. On a related note, the source code of Monday.com’s online workflow management program was leaked as a result of the vendor’s breach.

6. One million postal service customers suffered after a software vendor was attacked

Canada Post, Canada’s primary postal operator that serves 16.5 million customers, had residents’ personal information exposed after a ransomware attack that stemmed from vendor Commport Communications. Exposed information included sender and receiver information as well as mailing addresses for both commercial and residential customers.

The Lorenz ransomware gang, the group behind the attack, published on its data leak site that it had breached Commport Communications. Although the organization has yet to issue a statement, with a Ransomware Susceptibility Index™ (RSI) of 0.587, it’s clear that Commport Communications could have taken steps to avoid the attack entirely.

Uncover Your Own RSI™

For a comprehensive list that’s updated in real time, visit our Third-Party Data Breaches page.