ALLENTOWN, Pa. — Lehigh Valley Health Network has addressed a data security breach affecting Lehigh Valley Physician Group-Delta Medix, in which it says personal information of some individuals was compromised.
As part of its efforts to support affected individuals, LVHN said it has arranged a complimentary 24-month subscription to Experian's IdentityWorks service.
- Lehigh Valley Health Network discloses a data security breach affecting Lehigh Valley Physician Group-Delta Medix
- The breach was the result of a cyber attack by the ransomware gang BlackCat, believed to have ties to Russia
- LVHN said it detected the ransomware on Feb. 6, initiated an investigation with cybersecurity experts, contained the ransomware and notified law enforcement
The service provides identity monitoring to help individuals monitor any potential misuse of their personal information.
Instructions for activating the membership are included in the notification letters sent to affected individuals.
In the event of suspected identity theft, individuals are advised to report the incident to local law enforcement or their state attorney general.
"We understand that this is concerning and want to assure you that we have taken prompt action to address the issue. We are also working with our cybersecurity experts on ways to continue to strengthen LVHN’s cyber defenses."Lehigh Valley Hospital Network statement
"We understand that this is concerning and want to assure you that we have taken prompt action to address the issue," the hospital said in a statement.
"We are also working with our cybersecurity experts on ways to continue to strengthen LVHN’s cyber defenses."
Steps taken
LVHN said the incident was a result of a cybersecurity attack by the ransomware gang known as BlackCat, believed to be associated with Russia.
The ransomware was discovered Feb. 6 on part of LVHN's information technology systems, LVHN said. In response, it said, it launched a comprehensive investigation involving the assistance of leading cybersecurity experts to determine the cause and extent of the incident.
"We are committed to data protection and deeply regret any concern or inconvenience this incident may have caused."LVHN statement
The ransomware was contained, and law enforcement agencies were notified and cooperated during the investigation, LVHN said.
LVHN previously said it was able to continue work uninterrupted.
The breach was determined to have occurred Jan. 8, specifically targeting LVPG-Delta Medix, LVHN said.
Following a thorough analysis of the acquired data, LVHN said it identified the personal information that was compromised.
That information varied by individual, but potentially included names, addresses, phone numbers, medical record numbers, treatment and diagnosis information (including current procedural terminology codes) and health insurance details, LVHN said.
In some cases, the stolen information also included email addresses, banking information, Social Security numbers and clinical images of patients during treatment, the hospital network said.
In addition to collaborating with leading cybersecurity firms and experts to analyze the incident's scope, LVHN said it has invested further in strengthening its security measures.
"We are committed to data protection and deeply regret any concern or inconvenience this incident may have caused," LVHN's statement said.
Read our related coverage below: