The Valley Hospital
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Valley Hospital Data Breach Incidents
The Valley Hospital in New Jersey has experienced multiple data breach incidents over the years. Here are the details of the breaches based on the available information:
2015 Data Breach Involving Medical Management LLC
In 2015, The Valley Hospital, along with Englewood Hospital and Medical Center and Holy Name Medical Center, was affected by a data breach due to an employee at Medical Management LLC. This employee was found to be passing on names, Social Security numbers, and birth dates of patients from February 2013 through March 2015[2][5][11][15].
2022 Patient Privacy Incident
In October 2022, The Valley Hospital addressed a patient privacy incident where post-COVID-19 Testing Patient Instructions were mistakenly discarded in a marked recycling bin. The hospital began notifying patients of the data breach risk after documents containing patient names and medical record numbers were improperly discarded at an outpatient COVID-19 testing facility[1][7][13].
2023 Ransomware Attack Affecting Ardent Health Services
In November 2023, a ransomware attack on Ardent Health Services led to disruptions at several hospitals, including The Valley Hospital. This cyberattack forced hospitals to divert patients from their emergency rooms and resulted in a network outage[3][6][9][14][16][18][19][20].
Data Breach Involving Progress Software’s MOVEit Transfer
In January 2024, a data breach was reported involving Progress Software’s MOVEit Transfer secure file transfer platform, which was used by Valley Health System. An unauthorized party accessed a MOVEit Transfer server and downloaded certain files, potentially including patient information[10].
Legal and Regulatory Responses
The Valley Hospital has faced legal actions and has been subject to scrutiny due to these breaches. For instance, a class action lawsuit was filed against a New Jersey hospital operator over a data breach and alleged failure to notify patients[12]. The hospital has taken steps to notify affected patients and offer identity theft protection services where applicable.
Patients affected by these incidents have been advised to monitor their financial statements and health insurer communications for any unauthorized activity and to take advantage of any offered identity theft protection services. The Valley Hospital has also worked on improving its data security measures to prevent future incidents.
Citations:
- https://www.valleyhealth.com/sites/default/files/documents/patient%20privacy%20incident.pdf
- https://microwize.com/data-breach/
- https://www.cbsnews.com/newyork/news/hackensack-meridian-health-potential-cybersecurity-breach/
- https://www.law.com/njlawjournal/2022/08/11/appeals-court-upholds-24-3m-jury-verdict-over-breach-of-implied-covenant-by-hospital/
- https://abc7ny.com/breach-patients-northern-new-jersey-hospitals-billing-clerk-theft-information/735701/
- https://www.northjersey.com/story/news/health/2023/11/30/nj-hospitals-disrupted-ransomware-hacking-attack-mountainside-pascack-valley/71758782007/
- https://www.beckershospitalreview.com/cybersecurity/new-jersey-hospital-improperly-discards-patients-covid-19-documents.html
- https://www.valleyhealth.com/notice-privacy-practices
- https://www.tapinto.net/towns/paramus/sections/health-and-wellness/articles/ransomware-attack-affects-pascack-valley-hospital-in-westwood
- https://theridgewoodblog.net/valley-health-system-vendor-experiences-a-data-breach/
- https://whyy.org/articles/thousands-of-patients-data-stolen-at-new-jersey-hospitals/
- https://www.law.com/njlawjournal/2023/12/20/new-jersey-hospital-operator-faces-class-suit-over-data-breach-alleged-failure-to-notify-patients/?slreturn=20240014005252
- https://www.nj.com/bergen/2022/10/covid-19-documents-with-patient-names-improperly-discarded-at-nj-hospital.html
- https://www.nj.com/healthfit/2023/11/ransomware-attack-on-2-nj-hospitals-has-knocked-systems-offline-for-5-days.html
- https://microwize.com/data-breach-at-three-hospitals-in-bergen-county-nj/
- https://www.usatoday.com/story/news/nation/2023/11/28/ardent-health-hospital-cyber-attack-ransomware/71726309007/
- https://www.hipaajournal.com/hacking-database-misconfigurations-improper-disposal-incidents-reported/
- https://www.databreaches.net/hospitals-in-multiple-states-diverting-patients-after-ardent-health-services-hit-with-ransomware-attack/
- https://www.northjersey.com/story/news/health/2023/11/28/nj-hospitals-continue-to-divert-patients-cyberattack-hackensack-meridian-pascack-valley/71727571007/
- https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/53079168/ardent-health-services-hospitals-hit-by-ransomware-attack