Cyber Incident Victim: Salud Family Health
Date:
Sep 2022
Location:
United States of America
Summary
A healthcare provider reported a data breach involving unauthorized access to its network, compromising sensitive employee and patient information. The incident exposed names, Social Security numbers, driver’s license or state ID numbers, financial account and credit card details, passport numbers, medical treatment and diagnosis data, health insurance information, biometric data, and login credentials. After detecting suspicious network activity, the organization secured its systems, engaged third-party specialists to investigate, and confirmed the unauthorized access. Impacted individuals received notification letters detailing the exposure. The Colorado-based provider operates 13 clinics and a mobile unit, serving over 68,000 patients annually primarily from migrant and seasonal farmworker communities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 5, 2022, Salud Family Health detected unusual activity within its computer network, prompting immediate system security measures and the engagement of third-party data security specialists to investigate the incident. The investigation confirmed unauthorized access to Salud's network, specifically impacting sections containing sensitive patient and employee information. The breach exposed a range of personal data, including names, Social Security numbers, driver’s license or state identification numbers, financial account details, credit card numbers, passport numbers, medical treatment and diagnosis information, health insurance details, biometric data, and usernames with passwords. By November 4, 2022, Salud formally reported the breach to the Montana Attorney General’s Office and initiated a review of compromised files to identify affected individuals and specific data elements involved. The company completed this review and mailed "Notice of Security Incident" letters to all impacted parties, detailing the exposure and providing guidance on mitigating identity theft and fraud risks. The breach affected both patients and employees, with Salud serving over 68,000 patients annually across 13 clinics and a mobile unit in Colorado.
Salud Family Health, founded in 1970 and headquartered in Fort Lupton, Colorado, specializes in serving migrant and seasonal farmworker communities across northern and southeastern Colorado. The organization employs more than 715 staff and generates approximately $28 million in annual revenue. The compromised data’s scope varied by individual but encompassed highly sensitive categories, creating significant risks for identity theft and financial fraud due to the inclusion of financial credentials and government-issued identification details. The breach timeline indicates a two-month gap between initial detection on September 5 and formal notifications on November 4, during which Salud conducted its investigation and system review. No specific attacker methodologies or containment measures beyond system securing were disclosed in available reports. The incident reflects broader targeting of healthcare providers, as noted in the source material, though no attribution or motive was confirmed by Salud’s filings or public notices.