Getty Images/iStockphoto

Patient Info Exposed in Health Clinic Cyberattack Data Breach 

An Iowa-based health clinic is the latest victim of a cyberattack.

The Iowa-based Peoples Community Health Clinic (PCHC) notified patients on June 29 that a recent cyberattack may have impacted patients’ private information. 

PCHC said it “became aware of suspicious activity related to an employee’s email account,” on March 22, according to a PCHC statement published on its website.  

“Following this, PCHC promptly launched an investigation with the assistance of third-party forensic specialists to assess the security of its systems and the nature and scope of this incident,” the statement noted. “This investigation determined that an unauthorized individual gained access to one PCHC email account between March 18, 2021 and March 22, 2021 but could not confirm what specific information within this account may have been actually accessed by the unauthorized individual.” 

The healthcare facility, which has locations in Waterloo and Clarksville, Iowa, and offers services at two school-based clinics, reviewed the “entire contents of this [email] account in order to determine the full universe of sensitive data that could have been subject to unauthorized access. On May 24, 2021, PCHC completed this review and confirmed the full scope of sensitive data and potentially affected individuals.” 

At this time, the health clinic has not found any “evidence suggesting any actual or attempted misuse of information as a result of this incident,” the statement noted.  

The information involved in this cyberattack could potentially include patients’ names, addresses, Social Security numbers, dates of birth, drivers' license numbers or state ID numbers, medical diagnoses/treatment information, health insurance information, and credit card/payment information.  

The healthcare facility is notifying all patients whose private information was involved in this cybersecurity incident.  

"Data privacy and security are among PCHC’s highest priorities, and there are extensive measures in place to protect information in PCHC’s care,” the published statement notes. “Upon discovery, PCHC promptly commenced an investigation to confirm the nature and scope of this incident and determine whether there was sensitive information contained within the impacted account.”  

“In an abundance of caution, PCHC is providing notice of this incident to potentially impacted individuals and pertinent state and/or federal regulators. As part of PCHC’s ongoing commitment to the security of information, all policies and procedures are being reviewed and enhanced where possible, additional safeguards are being implemented, and workforce training is being conducted to reduce the likelihood of a similar event in the future,” PCHC stated.  

The health clinic is advising patients to “remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors.”  

PCHC is directing patients to monitor their credit reports by visiting www.annualcreditreport.com or call 1-877-322-8228.  Patients can also contact Experian, TransUnion or Equifax directly for information on their credit reports. 

“PCHC regrets any concern this security incident may cause,” the statement read.  

Any patients with questions about the data breach can contact PCHC’s toll-free dedicated assistance line at 855-867-0662. This toll-free line is available Monday – Friday from 9:00 am to 9:00 p.m. EST. 

Next Steps

Dig Deeper on Cybersecurity strategies