Baptist Health Medical Center has begun notifying affected patients following unauthorized access to their IT environment.
Baptist Health Medical Center–Drew County experienced a data breach between April 22, 2024, and July 8, 2024. During the incident, an unauthorized party accessed the hospital's IT environment. The breach was discovered on July 8, when unusual activity in the hospital’s systems was detected. Upon discovery the hospital immediately initiated an investigation, secured its systems, and notified law enforcement.
The investigation revealed that the unauthorized party potentially accessed or acquired sensitive patient information including names, addresses, dates of birth, and medical record numbers among other information. Baptist has begun notifying those affected as of August 30, 2024.
Related: What is unauthorized access, and how can it be prevented?
According to Baptist’s notice of the security incident, “Upon learning of this, we initiated an investigation, took steps to secure the Hospital’s systems, and notified law enforcement. Additionally, a third-party forensic firm was engaged to assist in the investigation.”
Related: HIPAA Compliant Email: The Definitive Guide
When someone gains entry to a system, data, or resource.
An IT environment refers to the collection of hardware, software, networks, and systems that manage and store an organization’s data and technology.
Unique identifiers assigned to patients' health records are used by healthcare providers to track and manage medical information.