Lamoille Health Partners

Lamoille Health Partners, also known as Lamoille Health, is a community health provider operating within the state of Vermont, United States. Its core function involves delivering healthcare services to local populations, though the specific range of medical offerings or specialties beyond the broad designation of community health is not detailed in the available source material. The organization serves patients within its Vermont community, focusing on their healthcare needs. Based on the significant data breach incident it experienced, Lamoille Health handles substantial volumes of sensitive personal and medical information as part of its operations.

This Vermont-based provider suffered a significant cybersecurity incident on July 8, 2022, when it was targeted by the BlackByte ransomware group. The attack resulted in the successful exfiltration of highly sensitive data belonging to both patients and employees. Compromised patient information included names, dates of birth, Social Security numbers, and details of medical conditions. Employee payroll information was also stolen during the breach. The incident impacted a total of 59,381 individuals whose data was exposed. BlackByte employed a double extortion tactic, threatening to leak the stolen data unless ransom demands were met; subsequently, some of the stolen data was leaked by the group. Lamoille Health Partners confirmed the data exposure but delayed notifying affected patients while conducting its internal investigation into the breach's scope. As a remedial measure, the organization offered credit monitoring services to individuals whose Social Security numbers were compromised. The ultimate disposition of all the stolen data remains unresolved, as BlackByte's original leak site was shut down after the incident.