On September 20, 2024, the Lassen Clinics learned there was an active cyber event on its IT network involving an unknown individual. The Lassen Clinics’ IT network was temporarily disabled and rendered inaccessible before the Lassen Clinics were able to restore it the next day. Upon learning of the security incident, the Lassen Clinics immediately took steps to secure its network and began an investigation with the assistance of an external forensics vendor.
The investigation determined that an unauthorized third party gained access to the Lassen Clinics network between September 17, 2024, to September 20, 2024. On December 3, 2024, the Lassen Clinics learned that the unauthorized third party obtained copies of some of the data from its systems containing confidential patient medical information, however, the unauthorized third party did not acquire any data directly from the Lassen Clinics’ Electronic Medical Record (EMR).
Some information in the Lassen Clinics' records may have been accessed or acquired by an unauthorized third party. The information in the files may have included name, address, date of birth, driver's license number, financial account information, as well as medical and health insurance information. A small number of individuals may also have had a Social Security Number involved.
Upon learning of the event, the Lassen Clinics took quick action to protect its systems, contain the incident, open an investigation, and maintain continuity of healthcare. Once secured, systems were returned to the network with additional security and monitoring tools.
Case Study: How NYU Langone Rebuilt for Resilience After Superstorm Sandy
Frederick Health Hospital Faces 5 Lawsuits Following Ransomware Attack
Arkansas Methodist Medical Center and Baptist Memorial Health Care to Merge
Ground Broken on Intermountain Saratoga Springs Multi-Specialty Clinic
Electrical Fire Tests Resilience of Massachusetts Hospital