Lehigh Valley Health Network Targeted by Ransomware

The breach occurred in early January of 2023.

By HFT Staff


LVPG was the target a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. Since then, they have been undertaking the complex and labor-intensive exercise of evaluating the information involved in the incident. Analyzing this unstructured data and identifying the individuals whose information was stolen requires significant time, energy, and resources because of the nature of the information. 

On February 6, 2023, LVPG discovered ransomware on a portion of their IT systems. They immediately launched a comprehensive investigation to determine the cause and scope of the incident. LVPG retained leading cybersecurity experts to assist with their investigation and contained the ransomware. Additionally, they promptly notified and cooperated with law enforcement. Their investigation determined that the breach occurred on January 8, 2023 and was focused on LVPG – Delta Medix. 

Based on the investigation and data analysis, LVPG identified personal information in the files that the hackers acquired. The affected information varied by individual but potentially included some combination of the following data elements:  names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information.  For some individuals, the information included email addresses, banking information and Social Security number. The information for a limited number of individuals included clinical images of patients during treatment. 

In addition to working closely with leading cybersecurity firms and experts to analyze the scope of the incident, LVPG has further invested in enhancing the security and protection of their IT systems, and they continue to take appropriate steps to safeguard patient information.  



July 10, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

On the Lookout: The Software Supply Chain as a Healthcare Cyberattack Vector

Staying watchful of third-party software vendors and their activities is critical for healthcare cybersecurity.


Hackensack Meridian Health & Wellness Center at Clifton Opens

The Clifton center expands health care access in Passaic County by reducing barriers such as travel and wait times.


Suffolk Breaks Ground on Expansion of White Plains Hospital

The 10-story, approximately 500,000-square-foot expansion is slated to open in 2028.


EVS Leadership Culture Critical in Preventing Hospital-Acquired Sepsis

Cleaning is an essential yet complex component for the prevention of HAI-induced sepsis.


Man Dies by Suicide in Emergency Department Waiting Room at Kansas Hospital

No staff or patients were harmed, and the man was alone in the waiting area when he shot himself.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.