Data Breach at Lamoille Health Partners Affects 59,381 Patients

Vermont-based Lamoille has recently announced that they have experienced a ransomware attack involving PHI of 59,381 patients. On June 13, 2022, Lamoille Health Partners detected suspicious activity on their systems. The health provider discovered that multiple files had been encrypted by an unauthorized third-party ransomware attack.  Upon discovery, Lamoille Health Partners immediately implemented protocols and securely restored its systems from backups. Law enforcement was then promptly notified of the incident.

 Lamoille Health Partners immediately launched a comprehensive forensic investigation in collaboration with a cybersecurity firm to determine what information had been taken and how it was accessed. The investigation found that an unidentified third-party had gained access and obtained certained documents from the organization’s systems in the period between June 12, 2022 and June 13, 2022. On June 24, 2022, further investigation concluded that the cybercriminals had obtained documents containing sensitive personal information of individuals. The information obtained by the hackers may include individual’s names, addresses, birth dates, Social Security numbers, health insurance information, and medical treatment information, and medical treatment information. 

Lamoille Health Partners will be providing breach notification letters to all individuals who may have had their information accessed by the third-party. Despite confirming the hackers access to personal patient information, Lamoille Health Partners were unable to determine whether the personal information had been abused for the purpose of identity theft or fraud. The health provider will, however, be offering identity theft protection and credit monitoring services free of charge. Patients of the organization have also been requested to keep a close eye on their account statements and credit reports for any suspicious activity indicating fraud or identity theft. Should any fraudulent activity be detected, Lamoille Health Partners has asked patients to report the law enforcement such as the State Attorney general. Individuals may seek further information by contacting a dedicated phone line at Lamoille Health Partners or on the Federal Trade Commission’s website. 

Lamoille Health Partners has apologized for any inconvenience caused to potentially affected individuals and has reassured patients of their commitment to secure and protect their personal information.