Cyberattacks Reported by Valley Mountain Regional Center, Village Family Dental, and Blackstone Valley Community Health

Valley Mountain Regional Center Data Breach

On April 19, 2024, Valley Mountain Regional Center based in California reported a data security breach discovered on August 1, 2023. Strange activity was observed inside its system and quick steps were undertaken to protect its systems. The forensic investigation affirmed that unauthorized individuals got access to its system and extracted files that contained patient data on or about July 29, 2023.

A third-party vendor analyzed the impacted files, and on February 20, 2024, stated that personal data and PHI were affected. The types of information involved differed from one person to another and might have contained names, taxpayer ID numbers, birth dates, driver’s license numbers, Social Security numbers, usernames and passwords, biometric information, hospital treatment and/or diagnosis details, and/or medical insurance details. Valley Mountain Regional Center stated it does not know of any patient data misuse. The impacted persons were provided free identity protection services via Cyberscout.

The breach report was submitted to the HHS’ Office for Civil Rights, but OCR’s breach portal has not listed the breach yet. The number of people affected is presently uncertain.

Village Family Dental Cyberattack

Knowles Smith & Associates, which is also known as Village Family Dental and manages 7 dentistry offices around North Carolina, recently informed 240,214 present and past patients about the exposure of some of their protected health information (PHI) in a cyberattack last November 2023.

According to Village Family Dental, it discovered suspicious activity inside its system on November 17, 2023. The impacted programs were instantly taken off the internet and third-party cybersecurity specialists were involved to investigate the incident. The forensic investigation affirmed the unauthorized access to its system, and it confirmed on February 8, 2024 that the files potentially viewed or stolen included patient information.

Dental information and other medical data were not exposed. The exposed data only included names, addresses, birth dates, patient ID numbers, names of providers, chart numbers, email addresses, and phone numbers. Village Family Dental stated that no proof was found indicating any attempted or actual misuse of patient information. Mailing of breach notification letters to the impacted persons started on April 8, 2024.

Village Family Dental stated it has been using the services of third-party cybersecurity specialists to gauge and improve its security methods to stop identical occurrences later and affirmed that important steps were undertaken to minimize the risk to individuals affected by the cyberattack.

Blackstone Valley Community Health Center Cyberattack

Blackstone Valley Community Health Center located in Pawtucket, RI submitted a report involving a cyberattack that occurred on November 11, 2023 causing a disturbance of its computer network. After securing the system, third-party cybersecurity experts checked the cause of the network problem and discovered that an unauthorized third party gained access to its network.

The evaluation of the breached files concluded on March 11, 2024, and revealed that they incorporated patient details like names, medical information, and Social Security numbers. Breach notification letters were mailed to the affected individuals on April 18, 2024. The affected individuals also acquired no-cost credit score services, credit reporting, and single bureau monitoring. Its system protection was enhanced to prevent the same breaches in the future. The Maine Attorney General received a breach notification report mentioning that around 34,416 persons were impacted.