Lehigh Valley Health Network and MKS Instruments Recovering from Ransomware Attacks

By | February 21, 2023

Lehigh Valley Health Network (LVHN) in Pennsylvania has confirmed that it is dealing with a ransomware attack that was detected on February 6, 2023. An announcement was made on Monday confirming the Russian-speaking ransomware gang, BlackCat, was behind the attack and demanded a ransom, but no payment was made.

Brian A. Nester, LVHN President and CEO, said the attack has not affected its operations and care continues to be provided to patients. While the attack is still being investigated, Nester has confirmed that the attack was conducted on a network supporting an unnamed physician practice in Lackawanna County and that the network housed a system that was used to store “clinically appropriate patient images for radiation oncology treatment,” and other sensitive information. That practice appears to be Delta Medix in Scranton, PA. It is currently unclear if other physician practices have been affected.

The LVHN technology team launched an investigation when suspicious network activity was detected, its network was immediately secured, and third-party cybersecurity experts were engaged to conduct a forensic analysis to determine the nature and scope of the attack. “We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible. Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” said Nester in a media statement.

This post will be updated when more information is released.

MKS Instruments Affected by Ransomware Attack

MKS Instruments, an Andover, MA-based manufacturer of measuring and control devices, has confirmed that it has been attacked with ransomware. According to the breach notification letters – dated February 16, 2023 – the parent company of MKS and the Atotech group of companies discovered the attack on February 13, 2023 – three days before notifications were sent.

The notice sent to the Attorneys General in California and Montana explains that immediate action was taken in response to the attack and that the investigation into the breach is ongoing. MKS confirmed that the attack affected certain business systems, such as production-related systems, which forced a temporary suspension of certain operations. Systems are being restored as quickly as possible, as it is determined that it is safe to do so.

MKS confirmed that it is currently unaware of any concrete risks or threats to individual data subjects, but says data theft cannot be ruled out. The types of information potentially stolen include names, contact information, addresses, government ID numbers (including SSNs), work login credentials/passwords, marital status, veteran status, nationality, immigration status, race, gender, sexual orientation, bank account information, payment card information, information about compensation status and equity, job positions, time/hours worked, information about disabilities, health and medical conditions, employer union information, health insurance information, and basic information about partners, children, and emergency contact information. Affected individuals have been offered complimentary identity theft monitoring and protection services for 2 years.

It is currently unclear how many individuals have been affected.

The post Lehigh Valley Health Network and MKS Instruments Recovering from Ransomware Attacks appeared first on HIPAA Journal.