Cyber Incident Victim: Valle del Sol Community Health

Valle del Sol Community Health, based in Phoenix, Arizona, detected unauthorized activity on its network on January 25, 2022. The organization responded by immediately securing its systems to prevent further access and engaged an independent cybersecurity firm to investigate the incident. While the exact timeline of the attackers' network access was not publicly disclosed, the investigation confirmed that unauthorized individuals had gained access to files containing sensitive patient data. The forensic review determined these files may have been acquired by the threat actors. A comprehensive analysis of all potentially compromised files concluded on July 18, 2022, nearly six months after initial detection. This extended investigation period delayed patient notifications as Valle del Sol prioritized verifying the accuracy of contact information for affected individuals, a process that finalized on September 1, 2022.

The breach impacted 70,268 patients whose protected health information was exposed, though Valle del Sol reported no instances of actual misuse of this data as of their October 2022 disclosure. Notification letters were dispatched following the completion of address verification, with a public website notice published on October 5, 2022, explaining the delay between discovery and notification. The organization implemented enhanced security measures to prevent recurrence but did not specify the nature of these technical or procedural improvements. Operational disruptions were not detailed in available reports, though the incident required significant investigative resources spanning eight months from detection to public disclosure. Valle del Sol's response followed a containment-investigation-notification pattern typical of healthcare breaches, with no ransom demands or attacker identity revealed in official communications.