
Arietis Health Data Breach Caused by Weak Cybersecurity

Healthcare cyberattacks are exposing sensitive patient data more often, putting both businesses and individuals at risk. In 2024 alone, the U.S. Department of Health and Human Services reported around 677 major health data breaches, affecting more than 182 million people. The Arietis Health data breach is one of many incidents in a concerning trend of cyberattacks targeting personal information.

Overview of the Arietis Health Data Breach

The Arietis Health data breach happened because of a flaw in the MOVEit Transfer software, which the Clop ransomware group exploited. Arietis Health LLC, a billing service for NorthStar Anesthesia, confirmed hackers compromised its systems. On July 26, 2023, investigators found that patient data from 54 healthcare providers tied to NorthStar Anesthesia was likely accessed.

The stolen data included personal and medical information such as names, birth dates, Social Security numbers, driver’s licenses, addresses, and medical record details. The breach also affected health insurance, prescription, and treatment information. Arietis Health informed NorthStar Anesthesia about the breach on August 3, 2023, and started notifying impacted patients around the same time.

The U.S. Department of Health and Human Services reports that 1,975,066 individuals were affected. This makes it one of the largest health data breaches tied to the MOVEit Transfer incident.

Class Action Lawsuit Against Arietis Health

Arietis Health is facing a $2.8 million class action lawsuit after a May 2023 data breach exposed the personal information of over 1.9 million patients. The breach was part of a larger cyberattack on the MOVEit file transfer service, owned by co-defendant Progress Software. The lawsuit claims the attack affected over 2,000 organizations worldwide, including Arietis Health, which handles billing for healthcare providers.

The lawsuit alleges that Arietis Health failed to use proper cybersecurity measures to protect patient data, violating its obligations under HIPAA. The complaint states that Arietis Health stored sensitive information on vulnerable systems, which allowed unauthorized access on May 31, 2023.

The Clop ransomware group, reportedly linked to Russia, is identified as the attacker. By June 14, the group began posting victims’ data on its dark web site, increasing the risks of identity theft and fraud for those affected. The plaintiffs argue that delays in notifying victims made the situation worse.

The proposed class action represents all individuals whose data hackers compromised. That includes minors and deceased individuals, represented by their guardians or executors. The case highlights the risks caused by the MOVEit cyberattack and its ongoing effects on affected individuals.

Delays in Breach Response Increased Risks for Victims

The class action lawsuit against Arietis Health suggests that delays after the breach put victims at greater risk. There was a long gap between the breach itself, the company's discovery that patient data was exposed, and the point at which patients were informed. This gave hackers more time to use the stolen information, raising the chances of identity theft and fraud. It also shows how earlier notice could have helped victims take steps to protect their personal data sooner.

How You Can Guard Protected Health Information (PHI)

Protecting patient data is critical for building trust, following HIPAA rules, and avoiding breaches. Here are practical steps medical providers and businesses can take to secure Protected Health Information (PHI):

  • Control Access to PHI: Limit who can access patient information. Use role-based access and require strong, unique passwords. Adding multi-factor authentication (MFA) gives extra security by requiring a second verification step.
  • Encrypt Patient Data: Encrypt PHI both when storing and sharing it. Encrypted data stays unreadable to anyone who steals or intercepts it unless they also have the decryption key.
  • Keep Software Updated: Regularly update all software, including electronic health records (EHR) and file-sharing tools. Software updates often fix security gaps that hackers can exploit.
  • Conduct Regular Security Reviews: Assess your systems regularly to spot weaknesses. Address risks by strengthening your defenses and keeping security policies up to date.
  • Train Employees on Data Protection: Teach staff how to handle PHI securely and recognize threats like phishing emails. Make sure they know your organization’s policies for protecting patient information.
  • Back Up Data Securely: Set up regular backups of patient data and store them in a safe, off-site location. Encrypt backups and test your recovery process to confirm you can restore the data.
  • Monitor Systems for Threats: Use monitoring tools to spot unusual activity or unauthorized access. Regular IT compliance audits can ensure your security measures are effective and compliant with HIPAA.
  • Use Secure Communication Methods: When sharing PHI, use encrypted email or HIPAA-compliant messaging tools. Avoid using unsecured methods like regular email or text messages.

By taking these steps, you can reduce the risk of data breaches and keep patient information safe. Regularly reviewing your security practices ensures better protection and compliance over time.
