TX: Hunt Memorial Hospital District notifies additional patients about May 2018 breach
Brad Kellar of the Herald-Banner reports:
The Hunt Memorial Hospital District released an update regarding a criminal cyber attack which was discovered against the district earlier this year, warning more of the district’s patients may have been impacted.[…]
According to the release, the cyber attack occurred in May 2018 “during which hackers gained access to information in its computer network that included personal information of a subset of Hunt’s patients.”
Read more on The Herald-Banner.
A notice on Hunt’s web site dated October 11, 2019 reads:
Hunt Regional Healthcare was recently the victim of a criminal cyber attack.
By law, we are required to send a letter to all patients in our database using the information provided by the patient at the time of treatment.
Treatment may have taken place at any Hunt Regional entity which includes:
Hunt Regional Medical Center in Greenville
Hunt Regional Emergency Medical Center – Commerce
Hunt Regional Emergency Medical Center – Quinlan
Hunt Regional Home Care
Hunt Regional Lab Solutions
Hunt Regional Open Imaging – Greenville
Hunt Regional Open Imaging – Rockwall
Hunt Regional Outpatient Behavioral Health
Hunt Regional Infusion Center
Texas Oncology Greenville
We want you to be aware we have no indication data has been used inappropriately.
However, we have engaged an identity theft security company, ID Experts, to assist our patients and we encourage you to take advantage of this free service.
ID Experts can be reached at 1-833-297-6403. Please be aware ID Experts will request your social security number in order to begin your credit monitoring.
We truly apologize for this inconvenience and appreciate your understanding as we work to resolve this issue.
For more information, click here.
Now why do they say that they were recently the victim of a cyberattack if this is an expanded notification concerning a May 2018 attack that they learned about in May 2019 from the FBI?
On their site, there is one more notification, dated October 7, 2019. This one says:
On August 14, 2019, Hunt Memorial Hospital District determined the personal information of patients of Hunt Regional Medical Center (“Hunt Regional”) may have been compromised in a sophisticated cyber attack. Hunt Regional initially learned from law enforcement on May 14, 2019, that the information of a small number of its patients was compromised in
the targeted cyber attack dating back to May of 2018. During the incident, hackers gained access to patient personal information in what Hunt Regional believed at the time to be a limited area of its network. Hunt Regional’s investigation up to that point indicated only a subset of its patients was affected by this incident. At that time, Hunt Regional sent notification letters to all those individuals whose personal information Hunt Regional suspected had been compromised.
Following the discovery of this incident, Hunt Regional engaged independent cyber forensics experts to analyze its systems and investigate the full impact of the unauthorized access. During this investigation, Hunt Regional determined on August 14, 2019, that it could not rule out the possibility that the personal information of additional individuals may have also been accessible. Out of an abundance of caution, Hunt Regional recently notified all patients whose information may have been impacted. Because the hackers gained access to Hunt Regional’s network, the hackers were potentially able to access patient medical records which contain information including patient names, telephone numbers, Social Security numbers, dates of birth, race, and religious preferences. We have no indication that any financial information was impacted.
That seems a bit clearer — and more consistent. You can read that full notification here.