Cogdell Memorial Hospital Cyberattack Affects 87,000 Patients
Cyberattacks and data breaches have recently been reported by Cogdell Memorial Hospital, Hospice of Huntington, Santa Clarita Community College District, MedQ, Inc., and The Mental Health Center of North Central Alabama.
Cogdell Memorial Hospital, Texas
On October 10, 2023, Cogdell Memorial Hospital in Snyder, TX, identified unusual activity in its computer systems. Its network was secured, and a third-party cybersecurity firm was engaged to investigate the breach. The investigation confirmed there had been unauthorized access to its systems, and files may have been viewed or acquired that contained patients’ protected health information. The review of the affected files was completed on January 17, 2024, and it was confirmed that 86,981 individuals had been affected and had their names, addresses, dates of birth, Social Security numbers, medical record numbers, and medical treatment information exposed.
Those individuals have been notified by mail and told to remain vigilant against incidents of identity theft and fraud. Cogdell Memorial Hospital said it is improving network security and reviewing its current policies and procedures related to data security. Credit monitoring and identity theft protection services do not appear to have been offered.
MedQ, Inc.
MedQ, Inc., a provider of administrative services to HIPAA-covered entities, experienced a ransomware attack on or around December 26, 2023. Some of the servers used by the MedQ platform and hosted on a third-party platform were encrypted in the attack. The forensic investigation confirmed that files were copied from the servers between December 20 and December 26, 2023, before file encryption.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Those files contained names, Social Security numbers, driver’s License numbers, dates of birth, health information, subscriber ID numbers, diagnoses, lab results, medications, other treatment information, health insurance and claim information, provider names, and dates of treatment. Additional measures have been implemented to better protect and monitor its systems. Affected individuals have been offered complimentary credit monitoring and identity theft protection services. The incident has been reported to the HHS’ Office for Civil Rights as affecting 54,725 individuals.
Hospice of Huntington, West Virginia
Hospice of Huntington in West Virginia has notified 9,013 individuals that some of their protected health information was exposed in an August 28, 2023, security incident. The forensic investigation and file review were completed on December 18, 2023, and confirmed that files had been removed from its systems on August 25, 2023.
Those files contained names, Social Security numbers, driver’s license numbers or state identification numbers, dates of birth, medical information, and health insurance information. Hospice of Huntington said it has found no evidence of actual or attempted misuse of the stolen information and said, “Notified individuals have been provided with best practices to protect their information.” Credit monitoring services have been offered to individuals whose Social Security numbers were stolen.
Santa Clarita Community College District, California
Santa Clarita Community College District has confirmed that the protected health information of 2,324 individuals was compromised in a data breach at its business associate, the Torrance-based consulting and brokerage firm, Keenan & Associates.
On August 27, 2023, Keenan & Associates identified an intrusion when disruptions occurred on its network servers. The forensic investigation confirmed there had been unauthorized access to systems between August 21, 2023, and August 27, 2023, during which time files were removed from its systems. Those files contained names, Social Security numbers, and health insurance information. Keenan & Associates is notifying the affected individuals and has offered those individuals 24 months of complimentary credit monitoring and identity theft protection services.
Mental Health Center of North Central Alabama
The Mental Health Center of North Central Alabama, Inc. has notified 1,000 individuals about unauthorized access to their protected health information. The breach was detected on December 19, 2023, and while the investigation is still ongoing, it has been confirmed that there was unauthorized access to certain systems for a brief period in December.
The types of information exposed varied from individual to individual and may have included names in addition to one or more of the following: address, birth date, admission date, discharge date, death date, medical record number, provider or facility name, medical condition, diagnosis and/or treatment information, lab results, medications, payment amount history information, insurance payment amount information, date of service, Social Security number, financial account information, credit card number, medical information, health insurance information, driver’s license or state identification number, and any information on an individual that was created, used, or disclosed in the course of providing health care services.
The Mental Health Center of North Central Alabama said technical safeguards are being augmented to prevent similar incidents in the future. Credit monitoring and identity theft protection services do not appear to have been offered.
