Muskogee City County Enhanced 911 Trust Authority & PRC-Saltillo Announce Data Breaches
Muskogee City County Enhanced 911 Trust Authority (MCC911) in Oklahoma has suffered a major data breach involving the protected health information of up to 180,000 individuals. The attack was detected on July 25, 2024, when unusual was detected within its network indicative of a ransomware attack.
MCC911 took immediate action to contain the attack and prevent further unauthorized access to its systems and cybersecurity professionals were engaged to investigate the incident, determine how network access was gained, and confirm the scope of the incident. The investigation confirmed that a ransomware group had access to certain parts of its network between April 4, 2024, and July 31, 2024, during which time patient data may have been exfiltrated from its network.
A file review was conducted that confirmed names, addresses, dates of birth, Social Security numbers, diagnoses/conditions, medication/treatment information, medical procedures, hospital provider names, and health insurance information had been exposed. The types of data involved varied from individual to individual and the data was for individuals who received emergency medical services in Muskogee County between January 2011 and April 2023.
No evidence of misuse of the affected data has been identified; however, the affected individuals have been encouraged to monitor their accounts and explanation of benefit statements for suspicious activity. MCC911 has taken several steps to improve cybersecurity and prevent similar incidents in the future, including implementing new endpoint detection and monitoring tools, updating its firewall, adding geolocation restrictions, and reconfiguring its resources to provide additional protections.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
PRC-Saltillo
Prentke Romich Company dba PRC-Saltillo, an Ohio-based medical equipment manufacturer, has warned 51,627 individuals about the exposure of some of their personal and health information. Suspicious activity was identified within its computer network on or around August 21, 2024. Immediate action was taken to isolate its systems and third-party cybersecurity experts were engaged to investigate the unauthorized activity.
They confirmed that an unauthorized actor gained access to its network on August 14, 2024, and copied files from its systems. Some of those files contained information protected under HIPAA, including names, addresses, phone numbers, birth dates, treatment cost information, referring/treating physicians’ names, health insurance information, Medicare/Medicaid plan names, and the medical device purchased. Individual notifications were mailed on September 25, 2024. The affected individuals have been advised to be vigilant against incidents of identity theft and fraud by reviewing their account statements.
