Gorodenkoff - stock.adobe.com

Murfreesboro Medical Clinic Confirms 559K-Record Breach

Along with Murfreesboro Medical Clinic & SurgiCenter, Mount Desert Island Hospital and Activate Healthcare reported recent healthcare data breaches to HHS.

Approximately 559,000 individuals were impacted by a healthcare data breach at Murfreesboro Medical Clinic & SurgiCenter (MMC), the Tennessee-based organization confirmed.

As previously reported, MMC suffered a cyberattack in late April and was forced to initiate an emergency shut down of its network. MMC temporarily closed all operations and later reopened on a limited basis as it worked to fully restore operations.

MMC’s official breach notice stated that a “well-known cyber extortion operation” had infiltrated its network on April 22 with the intention of stealing information for ransom.

MMC has been “unable to determine whether any personal information was actually accessed or removed from our network,” but noted that the attack may have resulted in the theft of patient and employee information.

The data involved in the breach potentially included names, addresses, driver’s licenses, diagnostic information, dependent information, medical record numbers, insurance enrollment information, and more.

“In response to this incident we immediately shut down our network to limit the spread of the attack and, as a precautionary measure, we completely rebuilt our network with enhanced security features and controls to reduce the chance of this or a similar incident from happening in the future,” the notice stated. “At this time, all operations have been fully restored. To our knowledge, no data was lost as a result of this incident.”

Maine Hospital Suffers Breach

Maine-based Mount Desert Island Hospital (MDIH) recently notified more than 24,000 individuals of a breach that it discovered in early May. MDIH launched an investigation after discovering suspicious activity on its network on May 4.

The hospital later determined that an unauthorized party had accessed certain areas of the network between April 28 and May 7, 2023. The information involved in the incident included names, addresses, Social Security numbers, dates of birth, financial account information, billing information, and health information.

“In response to this incident, we worked with third-party specialists to re-secure our network, implement additional security precautions, and we are reviewing our policies and procedures related to data protection,” MDIH stated.

MDIH said it was unaware of any misuse of information resulting from this breach but encouraged impacted individuals to remain vigilant.

Activate Healthcare Discloses Security Incident

Activate Healthcare, an Illinois-based organization that operates healthcare clinics in the Midwest, notified 93,761 individuals of a data breach that impacted the confidentiality and security of patient data.

Activate’s IT team detected suspicious network activity on April 27 and immediately launched an investigation. Investigators discovered that an unauthorized party had accessed the Activate Healthcare network between April 22 and April 28, copying documents in the process.

The copied documents contained patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and clinical information, such as provider names, diagnoses, and dates of service.

Activate Healthcare said that there was “no indication that anyone’s information was actually viewed or that it had been misused.”

The organization set up a call center to answer questions about the incident.

Next Steps

Dig Deeper on Healthcare data breaches