Getty Images/iStockphoto

Data Breach Goes Unnoticed For Nearly 1 Year at KS Hospital

Newman Regional Health, a critical access hospital in Kansas, suffered a data breach that impacted over 52,000 individuals.

Newman Regional Health in Emporia, Kansas disclosed a data breach that impacted 52,224 individuals. The 25-bed critical access hospital said that an unauthorized actor gained access to a limited number of email accounts between January 26, 2021, and November 23, 2021.

It is unclear when Newman Regional Health first discovered the breach. The notice on its website explained that the hospital’s data breach investigation concluded on March 14, 2022.

The email accounts contained names, medical record numbers, birth dates, email addresses, phone numbers, addresses, treatment information, employee information, and some Social Security numbers and financial information.

“The security of the data we maintain is of the highest priority to us and we are using enhanced security tools to protect it,” the notice stated. “Newman Regional Health has taken steps to help prevent similar incidents in the future.”

Newman Regional Health also provided information about checking a child’s credit and guidance regarding the identity theft of a deceased person. The hospital recommended that individuals review its provided identity theft information to mitigate risk.

Urgent Team Holdings Breach Affects 166K

Urgent Team Holdings, a group of urgent care and walk-in centers headquartered in Tennessee, suffered a data breach that impacted 166,601 individuals. According to a notice on its website, Urgent Team Holdings discovered that an unauthorized actor had accessed its network between November 12 and November 18, 2021.

By January 31, 2022, Urgent Team Holdings had found that the unauthorized individual potentially removed names, birth dates, and medical record numbers from its network. Despite this discovery, the organization said it still had no evidence that the information was actually viewed or removed.

Urgent Team Holdings encouraged individuals to review their explanation of benefits statements, ask their insurance companies for a report of all services paid, and only share health insurance cards with providers.

“We are committed to maintaining the privacy of personal and protected health information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal and protected health information,” the notice stated.

“Specifically, since this incident, we have implemented multifactor authentication (MFA) as a measure to add additional layers of security to our systems and to lessen the risk of unauthorized access. Additionally, we have implemented a robust antivirus solution to notify us when it detects an attempt to gain unauthorized access to our systems.”

Urgent Team Holdings consists of a network of over 60 urgent care centers across five states in the Southeast.

Arizona Community Mental Health Center Faces Data Breach

The Guidance Center (TGC), which provides mental health services throughout Northern Arizona, began notifying 23,104 individuals of an email data breach. It is unclear when the breach occurred or when TGC first discovered it.

An unauthorized actor accessed TGC employee email accounts containing medical treatment and diagnosis information, patient record numbers, and/or health insurance information.

TGC said it had no reason to believe that any information was misused. The practice encouraged victims to closely monitor credit reports and account statements.

“Upon learning of the incident, TGC promptly contained the incident by securing the email accounts to prevent further access. It also engaged a forensic security firm to investigate and confirm the security of its email and computer systems and has adopted additional security enhancements,” the notice stated. 

“TGC is notifying all impacted individuals for whom it has a valid mailing address and has arranged for complimentary identity protection and credit monitoring services for certain individuals.”

Next Steps

Dig Deeper on Healthcare data breaches