Cyber Incident Victim: Medical Associates of the Lehigh Valley
Date: Jul 2022
Location: United States of America
Summary
A sophisticated ransomware attack targeted Medical Associates of the Lehigh Valley, compromising its network and potentially exposing protected health information of 75,628 patients. The breach involved unauthorized access to files containing names, contact details, Social Security numbers, driver’s licenses, medical diagnoses, treatment details, medications, and lab results, with varying data per individual. While no confirmed misuse of information was identified, the organization engaged forensic specialists, reinforced security measures post-assessment, and advised affected patients to monitor financial and insurance statements for suspicious activity.
Description
On July 3, 2022, Medical Associates of the Lehigh Valley (MATLV) detected a sophisticated ransomware attack on its network. The organization immediately implemented containment measures to halt further unauthorized access. Third-party forensic specialists were engaged to investigate the incident, assess its scope, and identify compromised systems. The investigation confirmed unauthorized access to portions of the network storing protected health information but found no evidence of actual misuse of patient data. The attackers potentially viewed or exfiltrated files containing sensitive information belonging to 75,628 patients during the breach.

The compromised data included names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license numbers, state identification numbers, health insurance details, medical diagnoses, treatment histories, prescribed medications, and laboratory results. The specific information exposed varied across affected individuals. MATLV enlisted cybersecurity specialists to audit pre-existing security protocols and subsequently strengthened its defenses based on their findings. The organization notified impacted patients, advising them to monitor financial accounts and insurance explanation of benefits statements for suspicious activity. No ransomware payment details or specific attacker attribution were disclosed in the public notification.
