LVPG was the target a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. Since then, they have been undertaking the complex and labor-intensive exercise of evaluating the information involved in the incident. Analyzing this unstructured data and identifying the individuals whose information was stolen requires significant time, energy, and resources because of the nature of the information.
On February 6, 2023, LVPG discovered ransomware on a portion of their IT systems. They immediately launched a comprehensive investigation to determine the cause and scope of the incident. LVPG retained leading cybersecurity experts to assist with their investigation and contained the ransomware. Additionally, they promptly notified and cooperated with law enforcement. Their investigation determined that the breach occurred on January 8, 2023 and was focused on LVPG – Delta Medix.
Based on the investigation and data analysis, LVPG identified personal information in the files that the hackers acquired. The affected information varied by individual but potentially included some combination of the following data elements: names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information. For some individuals, the information included email addresses, banking information and Social Security number. The information for a limited number of individuals included clinical images of patients during treatment.
In addition to working closely with leading cybersecurity firms and experts to analyze the scope of the incident, LVPG has further invested in enhancing the security and protection of their IT systems, and they continue to take appropriate steps to safeguard patient information.