Data Breaches at Utah Pathology Services and Valley Health Systems

Utah Pathology Services has reported that an unauthorized person accessed an employee’s email account and attempted to reroute funds from Utah Pathology. The service provider detected the breach promptly and secured the compromised email account. The attempted fraud did not succeed and did not compromise any patient information.

Third-party IT and forensic experts assisted with the investigation to determine the scope of the breach. The investigation is ongoing, but the investigators have confirmed that the compromised email account contained the personal and protected health information (PHI) of about 112,000 patients.

It appears that the attacker’s purpose was to redirect funds to an account under the attacker’s control rather than to steal patient information. Nevertheless, data theft cannot be completely ruled out. Utah Pathology Services is now notifying the affected individuals about the data breach.

Aside from patient names, the compromised email account contained the following information: gender, date of birth, email address, mailing address, telephone number, medical insurance data, internal record numbers, and diagnostic details associated with pathology services. The Social Security numbers of some individuals were also exposed.

To date, no evidence has been found suggesting misuse of patient data; however, as a precaution, Utah Pathology Services has offered the affected individuals 12 months of free membership in Cyberscout’s identity monitoring service.

The privacy policies of Utah Pathology Services are under review, and additional security measures will be implemented to prevent similar breaches in the future.

Ransomware Attack on Valley Health Systems

Valley Health Systems suffered a ransomware attack on or around August 22, 2020. This healthcare provider serves around 75,000 patients living in southeastern Ohio, southern West Virginia, and eastern Kentucky.

In this manual (hands-on) ransomware attack, the attacker exfiltrated data files before encrypting systems and threatened to publish the data online unless the healthcare provider paid the ransom. Some of the stolen data has since been published on a leak site.

Valley Health Systems continued providing medical services to patients while restoring its systems. A number of systems are still being restored and will be brought back online. Third-party cybersecurity professionals are helping to investigate the incident and fast-track recovery.

Databreaches.net shared a statement from VHS acknowledging that the threat actor had disclosed some of the stolen information. VHS is working to determine which data is at risk in order to protect patients. According to Databreaches.net, the attacker used Sodinokibi (REvil) ransomware.

VHS will take further action once the forensic review is complete, and affected patients will be notified accordingly. The provider has already notified the FBI and is fully cooperating with the investigation of the incident.

The HHS’ Office for Civil Rights has not yet published the breach on its website; hence, the number of affected individuals is still unclear.