Cyber Incident Victim: Golden Valley Health Centers

On March 3, 2020, Golden Valley Health Centers identified suspicious activity involving unauthorized access to an employee email account by an unknown third party. The organization’s IT staff initiated an immediate investigation upon detection and enlisted computer forensic specialists to assess potential data exposure. The forensic examination confirmed that the compromised email account contained patient information, though investigators found no evidence that unauthorized parties actually viewed or extracted the data. Potentially exposed information included medical records, billing details, insurance information, patient referral documents, and appointment scheduling records. The breach window was limited to the period before March 3 when unauthorized access occurred, though the exact duration of exposure wasn't specified. Golden Valley maintained throughout their investigation that no misuse of patient information had been identified despite the confirmed breach of the email account.

Golden Valley Health Centers notified all potentially affected patients through direct mail correspondence, detailing the incident’s circumstances and offering access to a dedicated toll-free inquiry line (833-570-0383) operational on weekdays from 8:00 AM to 8:00 PM Central Time. While reiterating that no evidence suggested actual data access or misuse occurred, the organization implemented corrective measures including enhanced employee cybersecurity training, comprehensive reviews of information security protocols, and revisions to privacy policies and procedures. The notification letters provided recipients with the option to request copies of their specific exposure details. Golden Valley publicly emphasized patient privacy as a continuing priority and expressed regret for any concern or inconvenience caused by the incident, though they did not disclose the exact number of affected individuals or specific technical details about the account compromise method.