The Valley Hospital

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Valley Hospital Data Breach Incidents

The Valley Hospital in New Jersey has experienced multiple data breach incidents over the years. Here are the details of the breaches based on the available information:

2015 Data Breach Involving Medical Management LLC

In 2015, The Valley Hospital, along with Englewood Hospital and Medical Center and Holy Name Medical Center, was affected by a data breach due to an employee at Medical Management LLC. This employee was found to be passing on names, Social Security numbers, and birth dates of patients from February 2013 through March 2015[2][5][11][15].

2022 Patient Privacy Incident

In October 2022, The Valley Hospital addressed a patient privacy incident where post-COVID-19 Testing Patient Instructions were mistakenly discarded in a marked recycling bin. The hospital began notifying patients of the data breach risk after documents containing patient names and medical record numbers were improperly discarded at an outpatient COVID-19 testing facility[1][7][13].

2023 Ransomware Attack Affecting Ardent Health Services

In November 2023, a ransomware attack on Ardent Health Services led to disruptions at several hospitals, including The Valley Hospital. This cyberattack forced hospitals to divert patients from their emergency rooms and resulted in a network outage[3][6][9][14][16][18][19][20].

Data Breach Involving Progress Software’s MOVEit Transfer

In January 2024, a data breach was reported involving Progress Software’s MOVEit Transfer secure file transfer platform, which was used by Valley Health System. An unauthorized party accessed a MOVEit Transfer server and downloaded certain files, potentially including patient information[10].

Legal and Regulatory Responses

The Valley Hospital has faced legal actions and has been subject to scrutiny due to these breaches. For instance, a class action lawsuit was filed against a New Jersey hospital operator over a data breach and alleged failure to notify patients[12]. The hospital has taken steps to notify affected patients and offer identity theft protection services where applicable.

Patients affected by these incidents have been advised to monitor their financial statements and health insurer communications for any unauthorized activity and to take advantage of any offered identity theft protection services. The Valley Hospital has also worked on improving its data security measures to prevent future incidents.

Citations:

  1. https://www.valleyhealth.com/sites/default/files/documents/patient%20privacy%20incident.pdf
  2. https://microwize.com/data-breach/
  3. https://www.cbsnews.com/newyork/news/hackensack-meridian-health-potential-cybersecurity-breach/
  4. https://www.law.com/njlawjournal/2022/08/11/appeals-court-upholds-24-3m-jury-verdict-over-breach-of-implied-covenant-by-hospital/
  5. https://abc7ny.com/breach-patients-northern-new-jersey-hospitals-billing-clerk-theft-information/735701/
  6. https://www.northjersey.com/story/news/health/2023/11/30/nj-hospitals-disrupted-ransomware-hacking-attack-mountainside-pascack-valley/71758782007/
  7. https://www.beckershospitalreview.com/cybersecurity/new-jersey-hospital-improperly-discards-patients-covid-19-documents.html
  8. https://www.valleyhealth.com/notice-privacy-practices
  9. https://www.tapinto.net/towns/paramus/sections/health-and-wellness/articles/ransomware-attack-affects-pascack-valley-hospital-in-westwood
  10. https://theridgewoodblog.net/valley-health-system-vendor-experiences-a-data-breach/
  11. https://whyy.org/articles/thousands-of-patients-data-stolen-at-new-jersey-hospitals/
  12. https://www.law.com/njlawjournal/2023/12/20/new-jersey-hospital-operator-faces-class-suit-over-data-breach-alleged-failure-to-notify-patients/?slreturn=20240014005252
  13. https://www.nj.com/bergen/2022/10/covid-19-documents-with-patient-names-improperly-discarded-at-nj-hospital.html
  14. https://www.nj.com/healthfit/2023/11/ransomware-attack-on-2-nj-hospitals-has-knocked-systems-offline-for-5-days.html
  15. https://microwize.com/data-breach-at-three-hospitals-in-bergen-county-nj/
  16. https://www.usatoday.com/story/news/nation/2023/11/28/ardent-health-hospital-cyber-attack-ransomware/71726309007/
  17. https://www.hipaajournal.com/hacking-database-misconfigurations-improper-disposal-incidents-reported/
  18. https://www.databreaches.net/hospitals-in-multiple-states-diverting-patients-after-ardent-health-services-hit-with-ransomware-attack/
  19. https://www.northjersey.com/story/news/health/2023/11/28/nj-hospitals-continue-to-divert-patients-cyberattack-hackensack-meridian-pascack-valley/71727571007/
  20. https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/53079168/ardent-health-services-hospitals-hit-by-ransomware-attack
Breach Submission Date Oct 14, 2022
Converted Entity Name The Valley Hospital
Converted Entity Type Healthcare Provider
State NJ
Individuals Affected 4,245
Breach Type Improper Disposal

Breach Information Location Paper/Films

Business Associate Present Yes