Cyberattack Targets Nonprofit Healthcare Group PrimaryPlus
PrimaryPlus, a nonprofit healthcare organization headquartered in Vanceburg, Kentucky, and providing primary care, specialty care, and pharmacy services across northeastern Kentucky and the Ohio Valley region, experienced a cybersecurity incident on December 3, 2024. The incident involved potential unauthorized access to a portion of its IT environment by an unidentified third party. PrimaryPlus has prioritized data security and engaged digital forensics and incident response experts to mitigate the issue. Advanced monitoring and threat detection systems are being deployed alongside additional security measures. Despite significant disruptions, including phone service outages, pharmacy limitations, and delays in some services, PrimaryPlus continues to see most scheduled patients and is progressing toward full operational recovery.
The organization stated that there is no evidence of personal or confidential information being misused, but the investigation remains active. Notifications will be issued if any data exposure is confirmed. Efforts to restore phone services are ongoing, with some locations, such as Vanceburg, already back online. Pharmacies are limited in their access to systems, prompting patients to bring prescription details in person. Staff are navigating modified workflows to maintain operations, and the patient portal remains a key alternative for communication with providers. PrimaryPlus has apologized for the inconvenience and thanked the community for its patience while providing updates through its website and social media channels during this challenging process.