HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattacks Reported by Las Vegas Cancer Center and Seneca Family of Agencies

Seneca Family of Agencies, a California provider of mental health, education, juvenile justice, placement, and permanency services, identified unauthorized activity within its computer systems on August 27, 2021. Action was immediately taken to secure its systems and prevent further unauthorized access, with the subsequent investigation confirming its systems were compromised on August 25.

While no evidence of actual or attempted misuse of information has been identified, it is possible protected health information was compromised. The types of information stored on the affected systems differed from patient to patient and may have included the following data elements: name, date of birth, Social Security number, address, phone number, email address, medical record number, treatment/diagnosis information, health insurance information, Medicare/Medicaid number, provider name, prescription information, driver’s license/state identification number, and/or digital signature.

Seneca Family of Agencies said, as a precaution, affected individuals are being offered credit monitoring and identity protection services at no cost. Additional security measures have now been implemented to better protect information stored on its systems.

Two breach reports have been sent to the HHS’ Office for Civil Rights, one submitted on October 26 says the protected health information of 2,470 patients was compromised and the second, submitted on November 5 indicates the PHI of 19,725 individuals may have been compromised.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

PHI of 3,000 Individuals Potentially Compromised in Las Vegas Cancer Center Ransomware Attack

Las Vegas Cancer Center has announced it was the victim of a ransomware attack over the Labor Day weekend. The cyberattack was discovered on September 7, 2021, when the center re-opened.

The attackers succeeded in encrypting data on its network and, prior to using ransomware, may have exfiltrated the protected health information of current and former patients including names, addresses, dates of birth, Social Security numbers, medical record numbers, and health insurance information.

Las Vegas Cancer Center said it had implemented multiple cybersecurity measures to prevent unauthorized access prior to the attack. While patient data may have been exfiltrated, it was stored in a proprietary format so is not believed to have been accessed by the attackers. The cancer center also said no evidence of data theft was found nor was any ransom demand.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.