Over 2.5 million people impacted in Nacogdoches Memorial Hospital breach

Texas-based Nacogdoches Memorial Hospital said a significant data breach incident earlier this year compromised detailed personal and healthcare information of more than 2.5 million patients.

 

The Nacogdoches, Texas-based hospital network, which provides comprehensive care services through Care First Primary, East Texas Neurological, Memorial family medicine and Stockman Pain Management centres, said it discovered the significant security incident on January 31 this year and took steps to prevent the malicious activity and protect stored information.

 

The hospital said that upon discovering the incident, it learned that a threat actor had gained unauthorised access to its internal network and information systems and had exfiltrated vast amounts of information stored in the affected systems.

 

The hospital added that it quickly severed the unauthorised access and initiated an investigation to determine the impact of the security incident with help from law enforcement authorities. It also took steps to enhance the security of its network and computer systems to prevent a similar incident from occurring in the future.

 

Nacogdoches Memorial Hospital said its investigation in the aftermath of the incident confirmed that the threat actor had access to patients’ names, addresses, phone numbers, email addresses, social security numbers, dates of birth, medical record numbers, medical account numbers, health plan beneficiary numbers and possible photographic images.

 

"NMH takes the security of all information in its systems very seriously and wants to assure its patients that it has taken steps to prevent a similar event from occurring in the future. This includes implementation of remediation measures to prevent recurrence, to strengthen NMH’s network security, enhancing NMH’s cyber preparedness through additional awareness training, and updating NMH’s procedures," it added.

 

The healthcare provider did not state for how long the threat actor enjoyed access to its network, whether the threat actor had deployed a ransomware to encrypt its systems or if it had received a ransom demand in exchange for the stolen data.

 

The provider notified the U.S. Department of Health Services Office of Civil Rights that the data security incident compromised the personal and healthcare information of an alarming 2,507,073 patients. "We sincerely regret any concern or inconvenience that this matter may cause its patients and remain dedicated to protecting patient’s personal information," it added.

 

Nacogdoches Memorial Hospital has not offered complimentary identity protection or credit monitoring services to affected patients. It has instead advised them to obtain a free copy of their credit reports from either of the three listed credit reporting agencies to monitor any instances of financial fraud.