Cyber Incident Victim: Three Rivers Regional Commission
Date:
Jul 2021
Location:
United States of America
Summary
Three Rivers Regional Commission experienced a ransomware attack compromising sensitive information, including Social Security numbers and medical records, for approximately 2,000 individuals. The organization responded by engaging cybersecurity experts and implementing enhanced security protocols to mitigate future risks. Concurrently, unrelated breaches affected Retinal Consultants Medical Group and ACE Surgical Supply, involving unauthorized system access that potentially exposed patient names, medical conditions, financial data, and dates of birth. Both entities offered multi-year credit monitoring services to affected individuals while investigating the scope of data exposure. These incidents collectively underscored vulnerabilities in safeguarding protected health information against evolving cyber threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Three Rivers Regional Commission detected a ransomware attack on July 20, 2021, which potentially exposed protected health information of approximately 2,000 patients. The compromised data included sensitive personal identifiers such as Social Security numbers alongside medical records, though specific details about the ransomware variant or initial attack vector were not disclosed in public notifications. The organization did not confirm whether data exfiltration occurred prior to encryption but acknowledged unauthorized access to systems during the incident timeframe. Following detection, Three Rivers engaged third-party cybersecurity experts to investigate the breach scope and assist with containment efforts. As part of their response, the commission initiated implementation of enhanced security measures to strengthen network defenses against future attacks, though technical specifics of these measures were not detailed in available reports. Impacted individuals received notifications about potential exposure of their sensitive information, though the notification timeline and method were not explicitly stated in the source material. The commission's public disclosure emphasized the potential risks of identity theft and medical fraud stemming from the exposed data categories.
This incident occurred within a broader context of healthcare-sector attacks during mid-2021, as evidenced by contemporaneous breaches at Retinal Consultants Medical Group and ACE Surgical Supply. While Retinal Consultants reported a service-disrupting cyberattack detected around July 12, 2021, and ACE Surgical Supply discovered unauthorized system access on June 29, Three Rivers' July 20 ransomware event shared operational similarities including third-party forensic investigations and potential PHI compromise. All three entities faced data integrity breaches involving core patient information categories, though Three Rivers' incident affected a smaller population compared to ACE Surgical Supply's 12,122 impacted individuals. No threat actor group claimed responsibility for the Three Rivers attack in available reporting, and the commission did not disclose whether ransom demands were made or paid. The organization's post-incident actions focused on infrastructure hardening rather than discussing remediation services for affected parties, contrasting with Retinal Consultants' credit monitoring offerings and ACE Surgical Supply's 24-month protection program.