Las Vegas Cancer Center has announced that it suffered a ransomware attack over the Labor Day weekend. According to the administrators of the cancer center, the security breach was uncovered on September 07 when the entire staff returned to the office after the holiday. In the wake of the incident, the cancer center is notifying patients of ransomware attacks that may have exposed personal details of current and former patients.
“The breach was discovered when the office reopened on September 7th. LVCC immediately notified law enforcement and fully participated in an investigation by the FBI, and conducted its own internal investigation. LVCC also notified its electronic medical records vendor, which relies on the server data to build LVCC’s patient records database,” the news release stated.
The attackers succeeded in encrypting data on the center's server despite LVCC’s server and computers being shielded by a firewall and multiple malware defense systems. Threat actors were able to access patient names, addresses, dates of birth, social security numbers, medical records, and insurance information as a result of the breach, according to the center. However, the center claims all patient details were stored in a proprietary format and were no longer of any use.
“All patient data was stored on the server in a format proprietary to LVCC’s electronic medical records system, and therefore likely not usable to the hackers. LVCC does not believe that any data was copied or transferred from its server, and has received no ransom demand from the hackers to unlock the data,” LVCC stated.
Earlier this year in August, Indianapolis-based Eskenazi Health suffered a ransomware attack that compromised the personal details of the patients. Eskenazi officials discovered the attack when they noticed suspicious activity on their network. The ransomware attack led the hospital to go diversion, turning away ambulances, for several days in early August.
A further investigation revealed that threat actors had secured access to the network on May 19 and launched the attack in a sophisticated manner by disabling the security protections to hide their activities.