Hunt Regional Healthcare based in Texas learned that a May 2018 cyberattack was more extensive than earlier thought. The FBI informed Hunt Regional on May 14, 2019 that an advanced, targeted cyberattack hit its systems and the protected health information (PHI) of a small percentage of its patients was exposed. Those people obtained medical services from Hunt Regional Medical Center in the past.
The hackers accessed the PHI located in a limited area in the system. The affected individuals received notifications about the data breach on July 2019. Third-party computer forensics experts performed a more detailed investigation of the breach and discovered that the hackers had accessed other parts of the system that were not included in the initial notification.
The additional areas of the system stored the PHI of patients from other facilities within the network, such as
- Hunt Regional Medical Center in Greenville
- Hunt Regional Home Care
- Hunt Regional Emergency Medical Center – Commerce
- Hunt Regional Lab Solutions
- Hunt Regional Emergency Medical Center – Quinlan
- Texas Oncology Greenville
- Hunt Regional Open Imaging – Rockwall
- Hunt Regional Open Imaging – Greenville
- Hunt Regional Infusion Center
- Hunt Regional Outpatient Behavioral Health
Medical records were possibly compromised including the following personal data: names, telephone numbers, birth dates, ethnicity, religious background, and Social Security numbers.
It wasn’t possible to verify exactly which medical records the attackers accessed or copied thus the provider decided to send breach notification letters to all the patients included in the database to be certain everyone was aware of the possible compromise of their information. All people were provided credit monitoring and identity theft protection services through the $1 million identity theft insurance policy of IDCare.
Hunt Regional had employed the necessary safeguards before the attack happened to avoid the unauthorized access of patient data. However, Hunt Regional implemented additional safety measures to reinforce data security with the help of third-party cybersecurity professionals.
Hunt Regional submitted in July 2019 the preliminary breach report to the HHS’ Office for Civil Rights indicating 3,700 patients were affected. The updated breach report has yet to be submitted with the corrected total.