Cyberattack on Vegas Medical Center Exposes Staff, Patients’ PHI

University Medical Center (UMC) suffered a cyberattack that exposed some staff members’ and patients’ protected health information (PHI.)  

The Las Vegas medical center experienced a cyberattack in mid-June and issued an update on the incident in late July. 

The cyberattack left the hospital with “intermittent computer login issues for some UMC team members,” however the issues did not disrupt patient care or the hospital’s clinical systems, according to a statement.  

The UMC cybersecurity team discovered the “suspicious activity on the hospital’s computer network in mid-June and responded rapidly by immediately restricting external access to UMC servers,” the data incident notice states. “While the hospital continues to work with law enforcement to fully investigate this activity, UMC believes cybercriminals accessed a server used to store data.” 

Investigators found the compromise on June 14, 2021 and ended it on June 15.  

“UMC’s IT Division acted swiftly to secure the hospital’s network and ensure no disruption to patient care,” it notes.  

“UMC has no evidence to date that cybercriminals accessed any clinical systems, including those interfaced with the hospital’s electronic health records,” the statement notes. “However, the hospital’s IT experts have determined that certain files on network servers were compromised,” it states. “Among other information, these files contain personally identifiable information (PII), including protected health information (PHI).” 

Individuals’ names, addresses, dates of birth, Social Security numbers, clinical history, diagnosis, test results, financial information, and/or health insurance numbers, “may have been included in the files compromised by these cybercriminals,” the notice states.  

The Las Vegas medical center notified the FBI and the Las Vegas Metropolitan Police Department about the cyberattack.  

“In addition, UMC is engaged in a number of security initiatives, including working closely with external cybersecurity professionals and updating internal and external technology solutions to further safeguard UMC against cyberattacks,” the notice says.  

UMC is notifying all individuals impacted by the cyberattack and will provide free access to identity protection services through IDX.  

“UMC encourages every person potentially affected by this incident, including those who may have received a COVID-19 test through UMC, to keep up to date on the incident by checking [the website] for information,” the notice states. “UMC continues to focus on identifying and directly notifying individuals affected by the data security incident.” 

For those who are unable to enroll in the IDX services online, a toll-free phone number is available at 1-833-909-3920.