Connect with us

Business

US healthcare non-profit reports data breach impacting 200,000 patients, employees

Published

on

Rehoboth McKinley Christian Health Care Services (RMCHCS), a non-profit healthcare provider operating in Arizona and New Mexico, has reported a data breach impacting around 200,000 patients and employees.

In a data breach notice published on May 19, RMCHCS said its “investigation has found that an unauthorized party was able to access certain systems that contained patient information and remove some data between January 21 and February 5, 2021”.

Exposed data

The potentially exposed information, it said, includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport, and (for Native Americans) tribal ID numbers.

Various healthcare-specific data was also involved, including health insurance information, medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.

However, RMCHCS added “that not all data elements may have been involved for all individuals”.

RMCHCS has reported that 207,195 individuals were affected to the US Department of Health and Human Services, according to its data breach portal.

Breach investigation

Upon learning of the incident on February 16, the healthcare organization said it immediately contacted law enforcement and launched an investigation.

RMCHCS added that it identified potential victims by April 30, and is now “notifying them of the incident and providing them with information about steps they can take to protect themselves”, as demonstrated by this template letter.

Potential victims are being given access to free identity monitoring and restoration services.

“In response to this incident, RMCHCS has enhanced its security and monitoring as well as hardened its systems as appropriate to minimize the risk of any similar incident in the future,” reads the data breach alert.

“It is committed to transparency and wants to share more about what happened and the measures taken to address this issue and minimize the risk of any similar incident in the future.”

RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services, among others, to residents of McKinley County and eastern Arizona.

Formed out of a merger of two hospitals in 1983, the non-profit can trace its origins back to the provision of healthcare services to residents of Gallup, Arizona and Native Americans living on nearby reservations in the early 1900s.

The Daily Swig has attempted to contact RMCHCS for further details – we will update the article should we secure a response.

Source: https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employees

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO