What is the Summit Pathology data breach?

Summit Pathology Laboratories, Inc., a Colorado-based pathology service provider, experienced a data breach in April 2024 affecting approximately 1,813,538 patients. The breach was the result of a cyberattack involving the Medusa ransomware group.

How did the Summit Pathology data breach occur?

The breach occurred after an employee at Summit Pathology inadvertently opened a malicious attachment in a phishing email. This enabled the Medusa ransomware group to access Summit's network, compromising sensitive patient data.

What patient information was exposed in the Summit Pathology data breach?

The compromised data includes patient names, addresses, dates of birth, Social Security numbers, financial information, health insurance details, billing information, and medical data such as diagnoses.

What steps did Summit Pathology take after detecting the breach?

After detecting suspicious activity on April 18, 2024, Summit Pathology secured its systems and enlisted a third-party cybersecurity firm to investigate the breach's scope. They later reported the incident to the Department of Health and Human Services’ Office for Civil Rights.

What assistance is Summit Pathology offering to affected patients?

Summit Pathology is providing free identity theft protection services through IDX, which includes 12 or 24 months of credit and CyberScan monitoring (depending on the patient’s state), a $1,000,000 identity theft insurance policy, and fully managed identity theft recovery services.

Who is responsible for the Summit Pathology data breach?

The Medusa ransomware group claimed responsibility for the data breach, which was triggered by a phishing attack on Summit Pathology's network.

Incident

Summit Pathology reports data breach exposing 1.8M patients

published: Nov. 6, 2024

Learn More

Summit Pathology Laboratories, Inc., a Colorado-based provider of pathology services, is reporting a data breach impacting approximately 1,813,538 patients.

The breach, confirmed in Summit’s report to the Department of Health and Human Services' Office for Civil Rights (OCR), resulted from a cyberattack in April 2024. Summit Pathology detected suspicious activity in its network on April 18, 2024, and responded to secure its systems, enlisting a third-party cybersecurity firm to assess the breach's scope and nature.

The Medusa ransomware group claimed responsibility for the attack, which was triggered when an employee inadvertently opened a malicious attachment in a phishing email. The hackers gained access to files containing highly sensitive patient information, including:

Names
Addresses
Dates of birth
Social Security numbers
Financial information
Health insurance information
Billing details
Medical data, including diagnoses

Summit Pathology is offering free identity theft protection services through IDX, a data breach and recovery specialist. Affected individuals are entitled to:

12 or 24 months of credit and CyberScan monitoring, depending on their state of residence
A $1,000,000 identity theft insurance policy
Fully managed identity theft recovery services

Summit Pathology reports data breach exposing 1.8M patients

Read More
The New Jewish Home aka Jewish Home Lifecare …
Calibrated Healthcare reports data breach exposing patient's data
HR ciant Workday reports data breach caused by …
Memorial Hospital and Manor reports randomware attack
NorthBay Healthcare Corporation reports data breach exposing half …