Cyberattacks Encountered by Las Vegas Cancer Center and Seneca Family of Agencies

Seneca Family of Agencies based in California, a provider of education, mental health, juvenile justice, placement, and permanency services, noticed unauthorized activity inside its computer systems on August 27, 2021. The action was quickly done to protect its systems and stop continuing unauthorized access, along with the succeeding investigation validating its systems were compromised on August 25.

Although there is no evidence of actual or attempted information misuse determined, it is likely that protected health information (PHI) was breached. The types of data kept on the affected systems differed from one patient to another and may have contained the following data elements: name, date of birth, physical address, email address, phone number, Social Security number, medical record number, treatment/diagnosis data, health insurance details, Medicare/Medicaid number, provider name, prescription data, driver’s license/state identification number, and/or digital signature.

Seneca Family of Agencies stated that impacted people are being provided credit monitoring and identity protection services for free as a safety measure. Supplemental security steps have now been enforced to better secure information saved on its networks.

Based on the breach report submitted to the HHS’ Office for Civil Rights, the protected health information of 2,470 persons might have been breached.

PHI of 3,000 Persons Possibly Exposed in Las Vegas Cancer Center Ransomware Attack

Las Vegas Cancer Center has reported that it suffered a ransomware attack during the Labor Day weekend. The center identified the cyberattack on September 7, 2021 when it re-opened.

The attackers succeeded to encrypt data files on the center’s network and, prior to installing ransomware, likely exfiltrated the PHI of present and previous patients such as names, dates of birth, addresses, Social Security numbers, medical insurance details, and medical record numbers.

Las Vegas Cancer Center stated it had put in place several cybersecurity steps to avoid unauthorized access before the attack. Though patient data may have been exfiltrated, it was kept in a proprietary format so it is believed that the hackers had not accessed the data. The cancer center additionally mentioned no proof of information theft was discovered nor was there any ransom demand.