HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Taylor Regional Hospital Still Recovering from January Cyberattack

Taylor Regional Hospital in Campbellsville, KY has suffered a cyberattack that has resulted in its IT and phone systems being taken offline. The cyberattack was reported by the hospital on January 24, 2021, and the hospital is still experiencing outages with certain computer systems and phone lines. Temporary phone lines have been set up to allow patients to contact the hospital while the cyberattack is resolved.

Cyberattacks such as this often involve ransomware, but no details have been released so far about the exact nature of the cyberattack, nor when its IT systems are expected to be restored. At this early stage, it is unclear if any patient information has been accessed or stolen by attackers.

A notice on the hospital’s website explains that quality care continues to be provided to patients and it is working as quickly as possible to safely bring its IT systems back online. Patients are encouraged not to delay seeking medical care; however, without access to IT systems, patients have been asked to bring lists of their medication with them to any appointments that have previously been scheduled.

The hospital said routine outpatient labs will only be performed during limited hours until further notice, and patients have been advised to bring a written order and patients should expect longer wait times than normal. The walk-in COVID-19 clinic is still open but will operate on a first-come, first-served basis.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Update: April 5, 2022: The incident has been reported to the HHS’ Office for Civil Rights as affecting 190,209 individuals.

Data Stolen in Cyberattack on Connecticut Accountancy Firm

The Glastonbury, CT-based certified public accountancy firm, Fiondella, Milone & LaSaracina, has announced it was the victim of a cyberattack in September 2021. The security breach was detected on September 14, 2021, with the forensic investigation determining the hackers had access to its systems from September 9, 2021.

On or around October 13, 2021, it was determined the hackers copied files and folders from its system that contained the sensitive data of certain individuals. The information potentially compromised was mostly limited to names and Social Security numbers, with some individuals also having information stolen related to ambulance trips, including date and tracking numbers, service level, payor types and category, mileage information, charge/payment information, billing review information, and remittance advice details, which may have included medical information.

Fiondella, Milone & LaSaracina said a review of security measures has been conducted and additional safeguards will be implemented to prevent further security breaches. There is no mention in the website breach notice of credit monitoring and identity theft protection services.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 6,215 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.