Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) has announced that it recently fell victim to a sophisticated ransomware attack on its network. The attack was detected on July 3, 2022, and immediate action was taken to contain the attack and prevent further unauthorized access to its network. Third-party forensics specialists were engaged to assist with the investigation and determine the nature and scope of the attack.
MATLV said the investigation did not uncover any evidence indicating the misuse of patient information, but parts of the network that were accessed by the attackers contained files that included the protected health information of 75,628 individuals, which may have been viewed or exfiltrated in the attack. The files contained names, addresses, email addresses, birth dates, Social Security numbers, driver’s license numbers, state ID numbers, health insurance provider names, medical diagnoses, treatment information, medications, and lab results. The types of information exposed in the attack varied from patient to patient.
Cybersecurity specialists evaluated the security measures that had been implemented prior to the attack and security has been reinforced based on their recommendations. Affected individuals have been encouraged to monitor their financial accounts and explanation of benefits statements and report any suspicious activity.
TennCare Reports Accidental Exposure of Patients’ PHI
TennCare, Tennessee’s state Medicaid program, has recently notified approximately 1,700 patients about the accidental exposure of some of their protected health information. According to a statement issued by TennCare officials, a new application was implemented that inadvertently associated people in one household with people in another household, if those households included some of the same people.
The issue was rapidly identified and corrected, but for a short period, the names and ages of affected people and their dependents would have been visible to other people who at one time were part of the same case file. For 15 individuals, more sensitive information was visible such as Social Security number, address, and date of birth. While the risk of misuse of information is believed to be low, affected individuals have been offered a 12-month complimentary membership to an identity theft protection and credit monitoring service, which includes a $1 million identity theft insurance policy.
The post Ransomware Attack on Medical Associates of the Lehigh Valley Affects 75K Patients appeared first on HIPAA Journal.