The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on Medical Associates of the Lehigh Valley Affects 75K Patients

Posted By on Sep 14, 2022

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) has announced that it recently fell victim to a sophisticated ransomware attack on its network. The attack was detected on July 3, 2022, and immediate action was taken to contain the attack and prevent further unauthorized access to its network. Third-party forensics specialists were engaged to assist with the investigation and determine the nature and scope of the attack.

MATLV said the investigation did not uncover any evidence indicating the misuse of patient information, but parts of the network that were accessed by the attackers contained files that included the protected health information of 75,628 individuals, which may have been viewed or exfiltrated in the attack. The files contained names, addresses, email addresses, birth dates, Social Security numbers, driver’s license numbers, state ID numbers, health insurance provider names, medical diagnoses, treatment information, medications, and lab results. The types of information exposed in the attack varied from patient to patient.

Cybersecurity specialists evaluated the security measures that had been implemented prior to the attack and security has been reinforced based on their recommendations. Affected individuals have been encouraged to monitor their financial accounts and explanation of benefits statements and report any suspicious activity.

TennCare Reports Accidental Exposure of Patients’ PHI

TennCare, Tennessee’s state Medicaid program, has recently notified approximately 1,700 patients about the accidental exposure of some of their protected health information. According to a statement issued by TennCare officials, a new application was implemented that inadvertently associated people in one household with people in another household, if those households included some of the same people.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The issue was rapidly identified and corrected, but for a short period, the names and ages of affected people and their dependents would have been visible to other people who at one time were part of the same case file. For 15 individuals, more sensitive information was visible such as Social Security number, address, and date of birth. While the risk of misuse of information is believed to be low, affected individuals have been offered a 12-month complimentary membership to an identity theft protection and credit monitoring service, which includes a $1 million identity theft insurance policy.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist