Over 70,000 Patient Records Exposed in Valle del Sol Community Cyberattack

by

Valle del Sol Community Health, a primary healthcare provider based in Phoenix, Arizona, has sent breach notifications to 70,268 of its patients. The notification letters stated the recipient’s Protected Health Information had been exposed in an attack that was first detected on January 25, 2022. The letters did not state who had access to the data, or for how long the attack was underway.

 

Upon realizing that unauthorized individuals had accessed their network, Valle del Sol Community Health employed a cybersecurity firm to undertake an investigation. The healthcare provider also secured their network to prevent further attacks. The investigation confirmed that the unauthorized individuals had accessed patient data, sparking a review into which files had been accessed. During the attack, patient names, dates of birth, Social Security Numbers, driver’s license numbers, health information, and health insurance information were exposed.

 

The review was completed on July 18, 2022, though Valle del Sol Community Health refrained from immediately sending breach notification letters as they wanted to ensure that they had up-to-date contact information for all of the affected individuals. This review was completed on September 1, 2022.

 

In their press release, Valle del Sol Community Health stated that they have taken steps to strengthen their security protocols to prevent further attacks. They have also stated that there is no indication that PHI has been misused, but have provided guidance on their website as to how patients can best protect themselves. Their advice includes placing a fraud alert on their credit reports and carefully monitoring their accounts.

 

Valle del Sol Community Health concluded its press report with the following:

“The privacy and protection of personal information is a top priority for Valle del Sol and we deeply regret any inconvenience this incident may cause.”

 

John Blacksmith

John Blacksmith is a seasoned journalist with experience in both print and digital media. He has concentrated on information technology in the healthcare field, especially in the areas of data security and privacy. His work has provided him with in-depth knowledge of HIPAA regulations. John has a journalism degree.