LAS VEGAS (KTNV) — Up to 300 clients may have been affected by a cybersecurity incident, according to the Southern Nevada Health District.
District officials said this affects people who completed transactions on the Environmental Health Invoice Payment form on its website between March 4 and March 14, 2024.
They add information might have been compromised. However, they don't believe payments were affected and other areas of the website were not impacted.
According to the district, around March 4, a malicious code was placed on the payment page. The code redirected clients who paid invoices for environmental health permits or application fees. Clients were redirected to a fraudulent payment form that looked like a credit card payment page that was not affiliated with the Health District.
The Health District said they discovered the code on March 14 and immediately removed the form. Law enforcement and cybersecurity experts were notified to assist with securing the site and investigating the incident. District officials said they also rebuilt their web server to eliminate access points.
"The Health District takes the security of its clients and patients seriously. The agency is continuing to work with law enforcement and security advisors to protect against these future incidents," the district said in a statement. "Clients who were impacted by this incident are receiving a letter from the Health District and offered services to assist with identity theft detection and resolution services."
According to. the district, to date, there have been no reports of credit misuse as a result of this incident.
Over the past couple of months, there have been other hacks targeting Nevada healthcare providers.
In February, Change Healthcare was attacked by a group called AlphV Blackcat, a cybercriminal organization, which has targeted the computer networks of over 1,000 victims around the world. Here in Nevada, the Nevada Hospital Association said several services were impacted including verifying health covers, disrupting claims processing, disrupting patient portals, disrupting employee health savings accounts, and the inability to report on quality management to the Centers for Medicare and Medicaid Services (CMS).
Earlier this month, the NHA also stated Unite Here, a labor union that represents workers in the U.S. and Canada, announced a data breach that has affected their health fund members. Personal data for up to 800,000 people has potentially been exposed.
According to federal officials, ransomware and hacking are the primary cyber-threats in health care. Over the past five years, there has been a 256% increase in large breaches involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the large breaches, which affected over 134 million individuals, which is up 141% compared to 2022.
