Elitecare hospital says cyber attack compromised the data of about 25,000 patients

Elitecare Emergency Hospital, a League City, Texas-based healthcare provider, said it suffered a data security incident that compromised the sensitive personal information of almost 25,000 individuals.

 

In a data breach notice posted on its website, Elitecare Emergency Hospital said that on July 10, it identified suspicious activity in its internal network and quickly launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The hospital said it also took the affected systems offline and notified relevant law enforcement authorities about the incident.

 

“On July 17, 2024, we determined the incident was a cybersecurity breach and worked with the incident response team to conduct a forensic analysis. The investigation confirmed that the intruder accessed PHI, but we have not identified evidence that this incident spread beyond the original intruder,” reads the notice.

 

The compromised data included patients’ names, addresses, dates of birth, phone numbers, emails addresses, Social Security numbers, driver’s licenses or state ID numbers, health insurance information, medical information including medical record numbers, providers, diagnoses, medicines, test results, images, and treatment details, billing, claims, and payment information including account numbers and more.

 

Elitecare also revealed in a filing with the U.S. Department of Health and Human Services Office for Civil Rights that it has identified 24,754 individuals who were impacted by the incident.

 

“Elitecare, along with leading external industry experts, continue to monitor the internet and dark web for any indication that the affected personal information is being circulated. Following the incident, Elitecare has reinforced its policies and implemented additional technological safeguards to reduce the risk of similar incidents in the future,” the hospital added.

 

While Elitecare found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services for two years through IDX to all affected individuals.