Cogdell Memorial Hospital says hackers accessed the data of close to 90,000 patients

Texas-based Cogdell Memorial Hospital said it experienced a data security incident that compromised the sensitive personal information of almost 90,000 patients.

 

Based in Snyder, Texas, the Scurry County Hospital District, doing business as Cogdell Memorial Hospital, is a healthcare services provider offering a wide range of healthcare services to Scurry County and its surrounding areas.

 

In a press release, Cogdell said that on October 10, it identified unusual activity in its internal network. The healthcare provider immediately launched an internal investigation, with assistance from third party cyber security, to understand the nature and scope of the incident and said it took certain precautionary measures, including securing its affected network and resetting all passwords.

 

The hospital district’s internal investigation revealed that threat actors were able to access certain files that contained sensitive personal information of its patients. The compromised data included patient names, addresses, dates of birth, Social Security numbers, medical record numbers, and medical treatment information.  

 

“Upon learning of the potential access of information, Cogdell immediately undertook a thorough review process to identify what type of information was present within the potentially impacted files, and to whom that information belonged,” the provider said.

 

“In addition, Cogdell worked diligently to identify contact information for those potentially impacted individuals in order to provide them with notice of the incident. That process was completed on January 17, 2024.”

 

According to Cogdell’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, at least 86,981 individuals were impacted by the data security incident.

 

“In response to this incident, Cogdell has implemented additional security measures within its network and facilities and is reviewing its current policies and procedures related to data security,” the healthcare provider added.

 

While Cogdell did not find any evidence of the compromised data being misused, the possibility for the same cannot be ruled out. The hospital has urged all affected individuals to remain vigilant, review their credit reports and financial statements on a regular basis, and report suspicious transactions to relevant law enforcement authorities. It is also offering complimentary credit monitoring services  to all the individuals affected by the data breach.

 

On November 4, the notorious Lorenz ransomware group claimed responsibility for the cyber attack on Cogdell Memorial Hospital and listed it as a victim on its data leak site. The group claimed to be in possession of 400 gigabytes of data that includes internal files, patient medical images, and also employee email communications.