Email accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals.
Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. In a data security notice on its website, the healthcare provider disclosed that the actor was able to access a limited number of email accounts between January 26, 2021, and November 23, 2021.
An investigation into the security incident, conducted “with the help of third-party experts,” found that the compromised email accounts contained a treasure trove of personal data, including names, medical record numbers, birth dates, email addresses, phone numbers, addresses, treatment information, and employee information.
“A limited group of individuals may have Social Security number or financial information affected,” stated the healthcare provider.
Newman Regional Health said that the investigators reached their conclusions on March 14, 2022, but did not state when suspicious activity had first been detected or when the investigation into the incident was launched.
The hospital made a vague statement on its website describing what action it had taken to prevent a similar attack from occurring in the future.
“The security of the data we maintain is of the highest priority to us and we are using enhanced security tools to protect it. Newman Regional Health has taken steps to help prevent similar incidents in the future,” stated the healthcare provider.
Newman Regional Health has notified law enforcement of the data breach and is contacting by letter individuals whom the attack may have impacted. The healthcare provider said that while “there has been no evidence of fraudulent activity as a result of this incident,” recipients of the letter should review the information provided regarding identity protection.
You can also read this: Bob’s Red Mill Reports Data Breach