HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on Medical Associates of the Lehigh Valley Affects 75K Patients

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) has announced that it recently fell victim to a sophisticated ransomware attack on its network. The attack was detected on July 3, 2022, and immediate action was taken to contain the attack and prevent further unauthorized access to its network. Third-party forensics specialists were engaged to assist with the investigation and determine the nature and scope of the attack.

MATLV said the investigation did not uncover any evidence indicating the misuse of patient information, but parts of the network that were accessed by the attackers contained files that included the protected health information of 75,628 individuals, which may have been viewed or exfiltrated in the attack. The files contained names, addresses, email addresses, birth dates, Social Security numbers, driver’s license numbers, state ID numbers, health insurance provider names, medical diagnoses, treatment information, medications, and lab results. The types of information exposed in the attack varied from patient to patient.

Cybersecurity specialists evaluated the security measures that had been implemented prior to the attack, and security has been reinforced based on their recommendations. Affected individuals have been encouraged to monitor their financial accounts and explanation of benefits statements and report any suspicious activity.

TennCare Reports Accidental Exposure of Patients’ PHI

TennCare, Tennessee’s state Medicaid program, has recently notified approximately 1,700 patients about the accidental exposure of some of their protected health information. According to a statement issued by TennCare officials, a new application was implemented that inadvertently associated people in one household with people in another household, if those households included some of the same people.

The issue was rapidly identified and corrected, but for a short period, the names and ages of affected people and their dependents would have been visible to other people who at one time were part of the same case file. For 15 individuals, more sensitive information was visible such as Social Security number, address, and date of birth. While the risk of misuse of information is believed to be low, affected individuals have been offered a 12-month complimentary membership to an identity theft protection and credit monitoring service, which includes a $1 million identity theft insurance policy.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.