Cyber attack on Mercer County hospital impacted close to 90,000 patients

Mercer County Joint Township Community Hospital said the data security incident it suffered last year compromised the sensitive personal information of approximately 90,000 individuals.

 

Located in Coldwater, Ohio, Mercer County hospital provides a range of medical services, including emergency, surgical, and rehabilitative care, with a focus on patient-centred care and a tranquil environment.

 

In a data security incident notice published on its website, the hospital said that on April 2, it identified suspicious activity in its internal network that affected a limited number of systems. The hospital immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Following an investigation conducted by third-party forensic specialists, it was determined the incident occurred between April 2, 2024, to April 3, 2024,” reads the notice.

 

Mercer County hospital said the cyber security incident compromised its patients’ records, including their names, physical addresses, email addresses, phone numbers, dates of birth, Social Security Numbers, driver’s license/State ID numbers, medical information, health insurance information, and payment information, including payment card and financial account information. 

 

While the notice doesn’t state the number of affected people, the hospital revealed in a filing with the U.S. Department of Health and Human Service Office for Civil Rights that it has identified at least 88,541 individuals who were impacted by the incident.

 

“Mercer County Joint Township Community Hospital understands the inconvenience or concern this incident may cause is committed to ensuring the security of all information in its control and has taken steps to strengthen its security posture,” the hospital added.

 

While Mercer County hospital found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Mercer County hospital. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.