The Southern Nevada Health District reports that up to 300 clients may have been impacted by a recent cybersecurity incident. District officials state that individuals who completed transactions on the Environmental Health Invoice Payment form on the district’s website between March 4 and March 14, 2024, may have been affected.
While information may have been compromised, officials do not believe that payments were affected, and other areas of the website were reportedly not impacted. The district revealed that on or around March 4, a malicious code was inserted on the payment page, redirecting clients to a fake payment form unrelated to the Health District after they paid for environmental health permits or application fees.
The district responded quickly upon discovering the code on March 14 by removing the form and engaging law enforcement and cybersecurity experts to secure the site and investigate the incident. They also took measures to rebuild their web server to prevent similar attacks in the future.
In a statement, the district emphasized its commitment to client and patient security and confirmed that affected individuals will receive notification letters and offered assistance with identity theft detection and resolution services. As of now, there have been no reported cases of credit misuse resulting from the incident.
Notably, this incident is part of a broader trend of cyberattacks targeting healthcare providers in Nevada. In recent months, both Change Healthcare and the Nevada Hospital Association have fallen victim to cybercriminal activities, impacting various services and potentially exposing sensitive data of thousands of individuals.
Federal reports highlight ransomware and hacking as the main cybersecurity threats to the healthcare sector, with a sharp increase in large breaches involving hacking in recent years. It is crucial for organizations in the healthcare industry to remain vigilant and proactive in safeguarding sensitive information from cyber threats.