A security incident at a nonprofit community hospital in Oklahoma may have exposed the personal data of more than 92,000 individuals.
Duncan Regional Hospital (DRH) found access to some of its systems mysteriously blocked on January 20 2022. The hospital disconnected all its systems from external access and notified law enforcement.
DRH triggered its cybersecurity incident response plan and hired an independent forensics firm to determine what had happened, how it had occurred and whether any sensitive information may have been impacted.
Although DRH was able to bring all systems back to normal operations within 24 hours, the investigating firm found that patient information and employee information may have been exposed during the incident.
A security notice, submitted to the attorney general of Maine on March 4 by law firm Clark Hill on behalf of DRH, stated that the impacted data might include patients’ name, date of birth, Social Security number, limited treatment information, and medical appointment information such as date of service and name of providers.
“For employees, this includes personal information associated with W-2s, such as name, date of birth, address, and Social Security number,” stated the notice.