The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lehigh Valley Health Network and MKS Instruments Recovering from Ransomware Attacks

Posted By on Feb 21, 2023

Lehigh Valley Health Network (LVHN) in Pennsylvania has confirmed that it is dealing with a ransomware attack that was detected on February 6, 2023. An announcement was made on Monday confirming the Russian-speaking ransomware gang, BlackCat, was behind the attack and demanded a ransom, but no payment was made.

Brian A. Nester, LVHN President and CEO, said the attack has not affected its operations and care continues to be provided to patients. While the attack is still being investigated, Nester has confirmed that the attack was conducted on a network supporting an unnamed physician practice in Lackawanna County and that the network housed a system that was used to store “clinically appropriate patient images for radiation oncology treatment,” and other sensitive information. That practice appears to be Delta Medix in Scranton, PA. It is currently unclear if other physician practices have been affected.

The LVHN technology team launched an investigation when suspicious network activity was detected, its network was immediately secured, and third-party cybersecurity experts were engaged to conduct a forensic analysis to determine the nature and scope of the attack. “We are continuing to work closely with our cybersecurity experts to evaluate the information involved and will provide notices to individuals as required as soon as possible. Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” said Nester in a media statement.

Update: March 8, 2023

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Over the weekend, the BlackCat ransomware group updated its data leak site warning that data was stolen in the attack and will be published online if the ransom is not paid. The group also published screenshots of some of the stolen data and, in what is believed to be a first following a ransomware attack, some images of breast cancer patients – naked from the waist up – in an escalation to pressure the health system into paying the ransom.

Update May 15, 2023

The breach was reported to the HHS’ Office for Civil Rights as affecting 627 individuals.

MKS Instruments Affected by Ransomware Attack

MKS Instruments, an Andover, MA-based manufacturer of measuring and control devices, has confirmed that it has been attacked with ransomware. According to the breach notification letters – dated February 16, 2023 – the parent company of MKS and the Atotech group of companies discovered the attack on February 13, 2023 – three days before notifications were sent.

The notice sent to the Attorneys General in California and Montana explains that immediate action was taken in response to the attack and that the investigation into the breach is ongoing. MKS confirmed that the attack affected certain business systems, such as production-related systems, which forced a temporary suspension of certain operations. Systems are being restored as quickly as possible, as it is determined that it is safe to do so.

MKS confirmed that it is currently unaware of any concrete risks or threats to individual data subjects, but says data theft cannot be ruled out. The types of information potentially stolen include names, contact information, addresses, government ID numbers (including SSNs), work login credentials/passwords, marital status, veteran status, nationality, immigration status, race, gender, sexual orientation, bank account information, payment card information, information about compensation status and equity, job positions, time/hours worked, information about disabilities, health and medical conditions, employer union information, health insurance information, and basic information about partners, children, and emergency contact information. Affected individuals have been offered complimentary identity theft monitoring and protection services for 2 years.

It is currently unclear how many individuals have been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist