Lehigh Valley Health Network Cyber Incident Notification
LVPG was the target a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. We take the security and privacy of patient information seriously and protecting that information is critical. We have been undertaking the complex and labor-intensive exercise of evaluating the information involved in the incident. Analyzing this unstructured data and identifying the individuals whose information was stolen requires significant time, energy, and resources because of the nature of the information.
On February 6, 2023, we discovered ransomware on a portion of our IT systems. We immediately launched a comprehensive investigation to determine the cause and scope of the incident. We retained leading cybersecurity experts to assist with our investigation and contained the ransomware. Additionally, we promptly notified and cooperated with law enforcement. Our investigation determined that the breach occurred on January 8, 2023 and was focused on LVPG – Delta Medix.
Based on the investigation and data analysis, we identified personal information in the files that the hackers acquired. The affected information varied by individual but potentially included some combination of the following data elements: names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information. For some individuals, the information included email addresses, banking information, and Social Security number. The information for a limited number of individuals included clinical images of patients during treatment.
We understand that this is concerning and want to assure you that we have taken prompt action to address the issue. We are also working with our cybersecurity experts on ways to continue to strengthen LVHN’s cyber defenses.
We have arranged 24-month complimentary subscription to Experian’s® IdentityWorks℠ to provide identity monitoring services for affected individuals. The notification letters include instructions for how affected individuals can activate their membership. If you suspect there have been any incidents of identity theft, you should report the incident to local law enforcement or your state attorney general.
In addition to working closely with leading cybersecurity firms and experts to analyze the scope of the incident, we have further invested in enhancing the security and protection of our IT systems, and we continue to take appropriate steps to safeguard patient information. We are committed to data protection and deeply regret any concern or inconvenience this incident may have caused.
If you have not received a notification letter but think you may have been impacted by this incident, please call 833-957-2619, Monday through Friday from 8:00 a.m. to 5:00 p.m. [Eastern] Time.