Cyberattacks Reported by Las Vegas Cancer Center and Seneca Family of Agencies
Seneca Family of Agencies, a California provider of mental health, education, juvenile justice, placement, and permanency services, identified unauthorized activity within its computer systems on August 27, 2021. Action was immediately taken to secure its systems and prevent further unauthorized access, with the subsequent investigation confirming its systems were compromised on August 25.
While no evidence of actual or attempted misuse of information has been identified, it is possible protected health information was compromised. The types of information stored on the affected systems differed from patient to patient and may have included the following data elements: name, date of birth, Social Security number, address, phone number, email address, medical record number, treatment/diagnosis information, health insurance information, Medicare/Medicaid number, provider name, prescription information, driver’s license/state identification number, and/or digital signature.
Seneca Family of Agencies said, as a precaution, affected individuals are being offered credit monitoring and identity protection services at no cost. Additional security measures have now been implemented to better protect information stored on its systems.
Two breach reports have been sent to the HHS’ Office for Civil Rights, one submitted on October 26 says the protected health information of 2,470 patients was compromised and the second, submitted on November 5 indicates the PHI of 19,725 individuals may have been compromised.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
PHI of 3,000 Individuals Potentially Compromised in Las Vegas Cancer Center Ransomware Attack
Las Vegas Cancer Center has announced it was the victim of a ransomware attack over the Labor Day weekend. The cyberattack was discovered on September 7, 2021, when the center re-opened.
The attackers succeeded in encrypting data on its network and, prior to using ransomware, may have exfiltrated the protected health information of current and former patients including names, addresses, dates of birth, Social Security numbers, medical record numbers, and health insurance information.
Las Vegas Cancer Center said it had implemented multiple cybersecurity measures to prevent unauthorized access prior to the attack. While patient data may have been exfiltrated, it was stored in a proprietary format so is not believed to have been accessed by the attackers. The cancer center also said no evidence of data theft was found nor was any ransom demand.
