Mercer County Joint Township Community Hospital Cyberattack Affects Up to 88,500 Individuals
Mercer County Joint Township Community Hospital in Coldwater, Ohio, has suffered a significant data breach involving the electronic protected health information of up to 88,541 individuals. According to the substitute breach notice on its website, linked on the home page using the text “For information on data security click here,” the hospital said unauthorized activity was identified on a limited number of devices on its network on or about April 2, 2024.
A third-party forensic investigation confirmed that an unauthorized third party had access to certain networked devices between April 2, 2024, and April 3, 2024. Mercer County Joint Township Community Hospital explained that the decision was taken to issue notification letters to all individuals whose protected health information was stored on the network at the time of the incident, “out of an abundance of caution and in an effort to provide notification in the most expedient manner.”
The types of information exposed in the incident varied from individual to individual and may have included name in combination with one or more of the following: physical address, email address, phone number, date of birth, Social Security Number, driver’s license/State ID number, medical information, health insurance information, and payment information, including payment card and/or financial account information. Notification letters were mailed to the affected individuals on February 21, 2025.
Dameron Hospital Notifies Patients About November 2023 Data Breach
Dameron Hospital in Stockton, California, has recently sent notification letters to patients about a November 2023 data breach. According to the notification to the California Attorney General, a security incident was detected on or around November 5, 2023, that involved unauthorized access to personal information. The hospital explained that it has been working with external cybersecurity professionals to investigate the breach and determine the individuals affected and the data types involved.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
“After an extensive forensic investigation and comprehensive document review, on March 21, 2025, we determined your personal data may have been subject to unauthorized access or acquisition, which occurred between November 4, 2023, and November 5, 2023.” Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals.
The information involved has been redacted from the notification to the California Attorney General, and it is currently unclear why it has taken 16 months to issue individual notification letters. The hacking incident has recently been reported to the HHS’ Office for Civil Rights as involving the protected health information of 210,706 individuals.
Lena Pope Home Suffers Email Account Breach
Lena Pope Home Inc., a mental health and behavioral health service provider in Fort Worth, Texas, has identified unauthorized access to its email system. Unauthorized activity was identified in the email account of an employee on January 16, 2025. Assisted by third-party cybersecurity experts, Lena Pope confirmed that the email account had been compromised, and evidence was found to indicate some emails and files in the account had been viewed or acquired.
On January 23, 2025, it was confirmed that the email account contained personal information, and on February 13, 2025, a final list of the affected individuals was obtained. In total, the account contained the personal and protected health information of 3,523 individuals. The types of information involved varied from individual to individual and may have included first and last names in combination with one or more of the following: telephone number, email address, birth date, admission date, individual/Medicaid number, health insurance policy number, date/type of service received, household size/income, self-reported reason for counseling, insurance copay/deducible information, and if there is an open child protective services case. A limited number of individuals may also have had information exposed related to their progress towards their treatment goals.
Lena Pope said technical safeguards have been enhanced, including implementing multifactor authentication and GEO IP blocking for Office 365. Staff members have been provided with additional security awareness training, and security measures will be regularly reviewed and enhanced as necessary moving forward.
