PHI Compromised in June Cyberattack on University Medical Center of Southern Nevada

An update has been released in relation to the University Medical Center of Southern Nevada (UMC) cyberattack that took place during June 2021.

A July 29, 2021 UMC press release revealed that a portion of patient information was infiltrated during the data breach that took place during June 14, 2021. It also confirmed that this cyberattack was the work of a “by a well-known group of hackers renowned for stealing private data in order to make a commercial gain,”.

UMC confirmed that the first indication of suspicious activity was discovered on its databases on June 14. Following this the information technology department moved quickly to shut down access and expel the hackers from its network. The group also said that the breach had been successfully managed by June 15. An official review was conducted and early indications were that the cybercriminals obtained access to a range of file servers. This did not result in disruption to patient care or its databases thanks to the quick measures implemented by the information technology department.

At first UMC believed that the hackers were unable to infiltrate any of the clinical systems on their databases. However, now that precise detail and scope of the attack have been established it has been confirmed that a range of data that included patients’ protected health information (PHI) may have been stolen as part of the attack. This PHI may have included names, addresses, dates of birth, Social Security numbers, health insurance information, financial information, and some clinical information, including medical histories, diagnoses, and test results.

However, UMC have confirmed that, to date, no proof has been found to suggest that there has been any improper use of PHI by the cybercriminals. 

Any patients that may have been impacted as art of the breach have been issued with notification letters. Additionally, free identity theft protection services are being made available as a precautionary measure. 

The FBI and Las Vegas Metropolitan Police Department have been made aware of the cyberattack. UMC is also working with external cybersecurity consultants to put in place stronger internal and external technology solutions to secure the group from the prospect of any future cyberattacks infiltrating their systems. 

 

 

HIPAA Violation Penalties

Most Common HIPAA Violations Causes