TriValley Primary Care and Medsurant Health Report Ransomware Attacks

On October 11, 2021, TriValley Primary Care based in Perkasie, PA identified ransomware installed on its systems and servers that held the protected health information (PHI) of a number of its patients. The healthcare provider took immediate action to protect its systems and stop continuing unauthorized access. Third-party cybersecurity specialists helped with the attack investigation.

On November 4, 2021, the forensic investigation finished, however, it wasn’t possible to know precisely when unauthorized persons initially acquired access to its networks nor if the attackers viewed or acquired any particular patient data. When issuing notification letters to the impacted persons, TriValley Primary Care did not know if there was any actual or attempted patient data misuse.

As a safety measure against identity theft and fraud, all impacted persons were provided with free credit monitoring and identity theft protection services. TriValley Primary Care stated it has undertaken steps to stop more security breaches, such as employing extra technical safety measures, fortifying its current cybersecurity system, and giving the employees more security awareness training. External cybersecurity experts were hired to help improve its guidelines, processes, and protocols to further reinforce its security position.

The breach report submitted to the HHS’ Office for Civil Rights indicated that 57,468 patients were affected.

45,000 People Impacted by Medsurant Health Ransomware Attack

Medsurant Holdings based in Pennsylvania has submitted a ransomware attack report to the HHS’ Office for Civil Rights indicating that up to 45,000 patients of Medsurant Health were affected.

Medsurant Holdings stated that on September 30, 2021, it got an email from the attacker mentioning the access and exfiltration of sensitive information from its systems. The company started an investigation to find out if files had been accessed without authorization and to verify the claims of data theft. As per Medsurant’s notice on its website, the investigation affirmed the access to its system by the threat actor from September 23 to November 12. A number of files on its systems had been encrypted during the attack, however, they were successfully recovered.

An analysis is presently being done to find out which files had been accessed and stolen as well as to determine all impacted patients. Medsurant Holdings will send notification letters to affected persons as soon as the review is finished and when contact details were confirmed.

At this point, the types of data thought to have been stolen consist of complete names, addresses, diagnoses, health conditions, birth dates, claim details, and Social Security numbers. Medsurant is not aware of any actual or attempted patient data misuse when the notice was published.

Current guidelines and procedures are being evaluated and will be modified as needed. Additional technical and administrative safety measures will be put in place to better secure the data kept in its systems.