TriValley Primary Care, a medical organization focusing on primary care throughout Pennsylvania, announced an update to the previous release issued on November 24, 2021, regarding the recent cybersecurity incident.

TriValley is updating its original press release to inform impacted individuals that the information involved in the incident potentially included (only if the individual provided TriValley this information) demographic information (i.e., first and last name, gender, home address, phone number, email address, date of birth, and social security number); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in the medical file and or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information). However, to date, TriValley has no evidence indicating any misuse of this information in connection with this incident.

As stated in the release on November 24, 2021, on October 11, 2021, TriValley discovered a ransomware incident that impacted its networks and servers which contained protected health and personal information of some TriValley patients. After discovering the incident, TriValley quickly took steps to secure and safely restore its systems and operations. TriValley engaged outside counsel and third-party forensic experts to assist in the remediation efforts and conduct a thorough investigation of the incident’s nature and scope. TriValley also contacted the FBI to seek assistance and guidance, as one of the many health care providers confronting the impacts of the evolving cyber threat landscape.

TriValley concluded its investigation on November 4, 2021. The investigation determined that an unauthorized individual accessed TriValley’s systems and may have obtained some information. The forensic analysis could not definitively determine when the unauthorized individual initially got into the systems or the specific records and data that were accessed or obtained.

Since TriValley is unable to confirm that protected health information was not accessed and or obtained, out of an abundance of caution, TriValley is beginning to notify individuals of the incident and providing information on steps individuals can take to help protect their information.

TriValley is offering complimentary credit monitoring and identity protection services to individuals impacted or involved in the incident. If interested in signing up for the complimentary credit monitoring, individuals must do so within 90 days of receiving their notification letter from TriValley Primary Care. If you believe you were impacted by this incident and wish to take advantage of these services, please contact the dedicated toll-free helpline (as stated below) and for more information about tips to protect from identity theft, please visit www.trivalleypc.com.

TriValley takes the responsibility to protect the security and privacy of the information in its care with the utmost seriousness, and sincerely regrets the concern and inconvenience caused by this event. In response to this incident, TriValley is implementing additional safeguards to its existing cybersecurity infrastructure and enhancing its employee cybersecurity training. Further, TriValley is working with its external cybersecurity experts to improve its cybersecurity policies, procedures, and protocols to help minimize the likelihood of this type of incident occurring again.

For individuals seeking more information or who have questions, TriValley established a dedicated toll-free helpline set up specifically for this purpose at 1-833-814-2146 from 8:00 am to 8:00 pm Eastern time, Monday through Friday (except holidays). Representatives are available for 90 days. In addition, individuals seeking to contact TriValley directly may write to Professional Healthcare Management, 519 South 5th Street, Suite 130, Perkasie, PA 18944.

Subscribe to Our Newsletter

We keep your data private and share your data only with third parties that make this service possible. See our Privacy Policy for more information.