Ransomware Attack at Lamoille Health Partners Impacts 59K

August 19, 2022 - Lamoille Health Partners disclosed a ransomware attack that impacted 59,381 individuals. According to a notice on its website, the Vermont-based organization discovered suspicious activity on June 13 and later discovered that an unauthorized party had locked some of its files.

Lamoille immediately began restoring its systems from backups and notified law enforcement. Further investigation revealed that the unauthorized third party potentially accessed and acquired certain documents between June 12 and 13.

The documents contained names, addresses, Social Security numbers, health insurance information, birth dates, and medical treatment information.

“Lamoille Health Partners has no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft, but as a precautionary measure, individuals should remain vigilant to protect against potential fraud and/or identity theft by reviewing their account statements and monitoring credit reports closely,” the notice stated.

Lee County EMS Faces Third-Party Breach

Lee County Emergency Medical Services (EMS) in Fort Myers, Florida began notifying an undisclosed number of individuals of a third-party security breach.

On August 4, Lee County EMS received notification that about a breach relating to Intermedix Corporation, an ambulance billing services vendor that Lee County had conducted business with for nearly 15 years.

Lee County EMS ended its business relationship with Intermedix in 2014. However, Intermedix hired the law firm Smith, Gambrell, & Russell (SGR), and the firm was in possession of Lee County EMS data when the breach occurred.

“Of all the records the firm handled, less than 2 [percent] of the total may have been compromised. At this time, there is no indication that any of the information was misused and the notice is being provided out of an abundance of caution, according to SGR,” the notice stated.

“The county immediately worked with Intermedix and SGR to assist their efforts to notify those who are potentially impacted, as required by federal law.”

The information involved potentially included names, driver’s license numbers, Social Security numbers, government IDs, medical information, and addresses.