On September 20, 2024, the Lassen Clinics learned there was an active cyber event on its IT network involving an unknown individual. The Lassen Clinics’ IT network was temporarily disabled and rendered inaccessible before the Lassen Clinics were able to restore it the next day. Upon learning of the security incident, the Lassen Clinics immediately took steps to secure its network and began an investigation with the assistance of an external forensics vendor.
The investigation determined that an unauthorized third party gained access to the Lassen Clinics network between September 17, 2024, to September 20, 2024. On December 3, 2024, the Lassen Clinics learned that the unauthorized third party obtained copies of some of the data from its systems containing confidential patient medical information, however, the unauthorized third party did not acquire any data directly from the Lassen Clinics’ Electronic Medical Record (EMR).
Some information in the Lassen Clinics' records may have been accessed or acquired by an unauthorized third party. The information in the files may have included name, address, date of birth, driver's license number, financial account information, as well as medical and health insurance information. A small number of individuals may also have had a Social Security Number involved.
Upon learning of the event, the Lassen Clinics took quick action to protect its systems, contain the incident, open an investigation, and maintain continuity of healthcare. Once secured, systems were returned to the network with additional security and monitoring tools.
Navigating the Healthcare Real Estate Landscape in 2025
UI Health Care Acquires 20 Mission Cancer + Blood Clinics in Iowa
On-Demand Training to Meet Managers' Evolving Needs
PIH Health Facing Lawsuit Over December 2024 Ransomware Attack