Las Vegas Cancer Center and Seneca Family of Agencies Suffer Ransomware Attacks

Seneca Family of Agencies located in California, a provider of education, juvenile justice, mental health, placement, and permanency services, discovered unauthorized activity in its computer systems on August 27, 2021. The action was promptly undertaken to safeguard its systems and stop more unauthorized access, together with the following investigation verifying its systems were compromised on August 25.

Although there is no evidence of attempted or actual information misuse discovered, it is probable that protected health information (PHI) was breached. The types of data saved on the affected systems varied from one patient to another and might have involved these data elements: name, birth date, address, email address, telephone number, Social Security number, medical record number, treatment/diagnosis data, health insurance details, Medicaid/Medicare number, provider name, prescription data, driver’s license/state ID number, and/or electronic signature.

Seneca Family of Agencies stated that impacted persons are being given credit monitoring and identity protection services at no charge as a preventative measure. Extra security actions have already been carried out to better safeguard information kept on its networks.

In accordance with the breach report sent to the HHS’ Office for Civil Rights, the protected health information of 2,470 people may have been exposed.

PHI of 3,000 People Likely Breached in Las Vegas Cancer Center Ransomware Attack

Las Vegas Cancer Center has reported that it experienced a ransomware attack at the time of the Labor Day weekend. The center discovered the cyberattack on September 7, 2021, when it re-opened.

The attackers were able to encrypt information on its system and, prior to deploying ransomware, might have exfiltrated the PHI of existing and past patients which include names, birth dates, addresses, Social Security numbers, medical insurance details, and medical record numbers.

Las Vegas Cancer Center stated it had enforced a number of cybersecurity procedures to avoid unauthorized access before the cyberattack. Though patient data might have been exfiltrated, it was saved in an exclusive format therefore it is considered that the hackers had not viewed the data. The cancer center furthermore mentioned no proof of information theft was identified and there was no ransom demand.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA