Ransomware attack on Oklahoma emergency service impacted over 180,000 residents

Muskogee City County Enhanced 911 Trust Authority, the official emergency services provider to the residents of City and County of Muskogee in Oklahoma, said that the data security incident it suffered earlier this year compromised the sensitive personal information of approximately 180,000 individuals.

 

In a press release published on Sept. 20, Muskogee City County Enhanced 911 Trust Authority, locally known as  MCC911, said that on July 25, it detected suspicious activities in its internal network which indicated that it was a victim of a ransomware attack.

 

The emergency services authority said that after it identified the attack, it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network, including taking certain systems offline and changing passwords and notified federal law enforcement about the incident.

 

“The investigation found evidence that unauthorised, criminal actors accessed the MCC911 systems from April 4, 2024, through July 31, 2024,” the authority said. 

 

“MCC911 is providing this notice to all individuals who may be potentially affected by this situation, which potentially includes anyone who received emergency medical services in Muskogee County, Oklahoma from January 2011 through April 2023.”

 

MCC911 said the compromised data included names, addresses, dates of birth, Social Security numbers, diagnosis & conditions, medication and treatment information, medical procedures, hospital provider names, and health insurance information of Muskogee residents. 

 

The authority’s filing with the U.S. Department of Health and Human Services Office for Civil Rights also revealed that at least 180,000 individuals were impacted by the data security incident.

 

“MCC911 also added measures to improve the security of our systems and practices, including implementing endpoint and monitoring tools, updating the firewall, introducing geolocation restrictions, and reconfiguring resources to provide additional protections,” the trust added.

 

While MCC911 found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.