University Medical Center of Southern Nevada Reports PHI Exposed During a Cyberattack in June

University Medical Center of Southern Nevada (UMC) has given another report concerning a cyberattack it suffered in June 2021 and has already affirmed the compromise of a number of patient data during the attack.

A July 29, 2021 UMC press release reported that the cyberattack took place on June 14, 2021 and was executed by a popular group of cybercriminals that make use of the stolen data for financial gain. UMC stated that it detected the suspicious activity within its IT system and took prompt action to take the attackers out of its network. UMC mentioned the breach was under control on June 15. The preliminary investigation suggested that the attackers had acquired access to selected file servers; nevertheless, the immediate action undertaken by its IT Department resulted in zero disruption to its clinical systems or patient care services.

At first, UMC stated it believes that the attackers did not access any clinical systems, even though the investigation of the incident was still not yet finished in confirming the nature and extent of the cyberattack. The forensic investigators now affirmed that selected files that contain patients’ protected health information (PHI) were affected during the attack.

The files included data like names, addresses, birth dates, Social Security numbers, medical insurance data, financial details, and certain clinical data, such as medical backgrounds, diagnoses, and test findings. UMC stated there is no evidence found that suggests the misuse of any particular patient data.

UMC is currently sending notification letters to all persons possibly impacted by the attack and provided free identity theft protection services.

UMC mentioned it informed the FBI and the Las Vegas Metropolitan Police Department regarding the cyberattack and is working together with third-party cybersecurity experts and will be employing more internal and external applications to increase the security of patient information and avoid other cyberattacks.