Lehigh Valley Health Network Issues Cyber Incident Notification

Lehigh Valley Health Network (LVHN) was the target of a cybersecurity attack by a ransomware gang, known as BlackCat, which has been associated with Russia. The data security incident was focused on Lehigh Valley Physician Group (LVPG) – Delta Medix.

We take the security and privacy of patient information seriously and protecting that information is critical. We have been undertaking the complex and labor-intensive exercise of evaluating the information involved in the incident. We have completed analyzing the unstructured data and continue working closely with leading cybersecurity firms and experts to continue identifying the individuals whose information was stolen. This process requires significant time, energy and resources because of the nature of the information involved.

On March 14, 2023, we began the process of notifying individuals whose information was involved in the incident and by the end of June, the majority of notices will have been sent out.

Based on the investigation and data analysis, we identified personal information in the files that the hackers acquired. The affected information varied by individual but potentially included some combination of the following data elements: names, addresses, phone numbers, medical record numbers, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information. For some individuals, the information included email addresses, banking information, Social Security numbers, and driver’s license numbers. The information for a limited number of individuals included clinical images of patients during treatment.

We understand that this is concerning and we took prompt action to contain, remediate and address the issue. We continue to work with our cybersecurity experts to strengthen our cyber defenses, have further invested in enhancing the security and protection of our IT systems and continue to take appropriate steps to safeguard our data.