Email accounts at a Kansas healthcare facility ended up compromised for practically a calendar year in a prolonged information breach influencing additional than 52,000 people today.
Emporia-based Newman Regional Health was breached by an unauthorized threat actor final 12 months. In a knowledge security notice on its web site, the health care provider disclosed that the actor was equipped to accessibility a restricted variety of email accounts involving January 26 2021 and November 23 2021.
An investigation into the security incident, conducted “with the assistance of 3rd-party experts,” uncovered that the compromised email accounts contained a treasure trove of private info, including names, health care document quantities, beginning dates, email addresses, phone figures, addresses, treatment method facts and personnel details.
“A limited group of people today may have Social Security number or monetary information and facts afflicted,” stated the healthcare service provider.
Newman Regional Health mentioned that the investigators achieved their conclusions on March 14 2022, but did not state when suspicious action had initial been detected or when the investigation into the incident was introduced.
The healthcare facility manufactured a imprecise assertion on its web page describing what action it experienced taken to reduce a very similar attack from developing in the foreseeable future.
“The security of the facts we sustain is of the optimum priority to us and we are applying increased security tools to guard it. Newman Regional Health and fitness has taken ways to assistance protect against very similar incidents in the foreseeable future,” mentioned the health care company.
Newman Regional Health and fitness has notified regulation enforcement of the information breach and is getting in touch with by letter people today whom the attack may have impacted. The healthcare company stated that while “there has been no evidence of fraudulent activity as a outcome of this incident,” recipients of the letter need to critique the information supplied relating to id protection.
The letter states: “This incident was limited to sure email accounts and did not affect the privacy or security of Newman Regional Health’s clinical record or other information and facts units.
“Although we do not have proof that your facts was made use of for fraudulent purposes, we are not able to conclusively rule out the likelihood that your personalized details was accessed and acquired as a final result of this incident.”
Some components of this write-up are sourced from: