Seneca Nation Health System, located in Salamanca, New York, has reported a cyberattack affecting 7,633 patients’ protected health information. The breach, which involved a hacking/IT incident with a network server, was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights. However, details regarding the breach are limited, with no official breach notice currently posted on the health system’s website. The incident was flagged as a ransomware attack by the Inc Ransom group, which added the health system’s data to its leak site in May 2024.
This recent attack marks the third cyberattack Seneca Nation Health System has faced in recent years. In 2019, the system experienced a ransomware attack that prevented access to its charts and scheduling system, though no patient data was compromised during that event. In 2022, the health system endured another cyberattack that impacted the protected health information of up to 12,000 individuals. Despite these previous breaches, the system has continued to face significant security challenges, underlining the persistent threat to healthcare organizations.
The latest ransomware attack is especially concerning due to the exposure of sensitive patient information, which could have significant implications for the affected individuals. The breach has highlighted ongoing vulnerabilities in the system’s cybersecurity infrastructure, prompting an investigation and review of its protocols. As part of the investigation, the health system is expected to take additional security measures to prevent future breaches and mitigate any potential harm caused by the exposed data.
At present, the health system has not disclosed whether any misuse of the affected patient data has been identified, though it has indicated it is closely monitoring the situation. The U.S. Department of Health and Human Services, along with cybersecurity experts, will likely continue their investigation into the incident. This breach emphasizes the increasing frequency and sophistication of cyberattacks targeting healthcare organizations and the need for robust cybersecurity defenses in the sector.
Reference:
