Utah Pathology Services Email Breach Potentially Affects 112,000 Patients

Utah Pathology Services has announced that an unauthorized individual gained access to the email account of an employee and attempted to redirect funds from Utah Pathology. The breach was detected promptly, the compromised email account was secured, and the attempted fraud was unsuccessful and did not involve any patient information.

Independent IT and forensic investigators were engaged to assist with the investigation and help determine the extent of the breach. The investigation is ongoing, but it has now been confirmed that the compromised email account contained the personal and protected health information of 112,124 patients.

The purpose of the attack appears to have been to redirect funds to an account under the control of the attacker, rather than to steal patient data; however, the possibility of data theft could not be ruled out and affected individuals are now being notified about the breach.

The compromised email account contained the following types of information in addition to patient names: gender, date of birth, mailing address, phone number, email address, health insurance information, internal record numbers, and diagnostic information related to pathology services. A small number of affected individuals had their Social Security number exposed.

No evidence of misuse of patient information has been found to date but, out of an abundance of caution, affected individuals have been offered 12 months of complimentary membership to Cyberscout’s identity monitoring service.

Utah Pathology Services is reviewing its privacy and security measures and additional safeguards will be implemented, as appropriate, to prevent further breaches in the future.

Valley Health Systems Suffers Ransomware Attack

Valley Health Systems, a healthcare provider serving around 75,000 patients in southern West Virginia, southeastern Ohio and eastern Kentucky, was attacked with ransomware on or around August 22, 2020.

As is common in manual ransomware attacks, prior to the encryption of data, files were exfiltrated by the attackers and were used to pressure the healthcare provider into paying the ransom. Some of the data stolen in the attack has been published on a leak site.

Valley Health Systems continued to provide medical services to patients while recovering from the attack and patient care was unaffected. Several systems are still affected and are being slowly restored and brought back online. Third-party cybersecurity experts have been assisting with the investigation and recovery.

According to a statement VHS provided to databreaches.net, “Unfortunately, the threat actor has released some of our information. We are doing everything we can to understand what information is at risk and to protect patient information.” Databreaches.net confirmed that the attack involved Sodinokibi (REvil) ransomware.

VHS said, “We are committed to completing a full forensic review following the resolution of this outage, and we will take all appropriate action, which may include notifying affected patients, in response to our findings. We have also taken steps to notify the FBI and intend to fully cooperate with any investigation into this incident.”

The breach has yet to appear on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.