The South Carolina clinic recently notified patients and the Department of Health and Human Services of a data breach.
On June 12th, Rural Health Services (RHS) Inc. notified the HHS of a data breach that impacted 36,542 individuals. The following day, RHS released a notice on their website. The organization said the breach was the result of a hacking incident on RHS’ network.
The breach impacted data including names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, medical history, mental and physical treatment information, diagnosis information, prescription information, treating/referring physician, patient number, Medicare/Medicaid information, and health insurance information.
After discovering the breach, RHS said they immediately “launched an investigation, contained and secured the network, eradicated the threat and alerted law enforcement.”
Through the investigation, RHS determined that their network was accessed between January 15th, 2025 and February 13th, 2025. RHS believes some files may have been accessed or removed. However, they currently have no reason to believe that financial fraud or identity theft has occurred as a result of the incident.
Now, RHS is mailing breach notifications to impacted patients. RHS is offering a toll-free call line and providing information on credit monitoring and freezes.
Now that RHS has completed their investigation and begun mailing out notifications, it may become clearer if any individuals have been impacted by the breach. If the breach has resulted in increased scam calls or credit fraud, a class action lawsuit may form.
The incident will likely result in RHS re-evaluating their current cybersecurity practices to prevent future incidents from occurring.
Data breaches in rural settings can be particularly detrimental if they disrupt patient care. In rural settings, hospitals may be far apart and it can be difficult for patients to transfer to other clinics to receive care. In some cases, breaches can prevent computers from operating, leading to critical procedures being delayed.
For Rural Health Services, the breach originated in their network server, which is usually the central hub of all data and communication platforms an organization uses. Network servers determine, for instance, what programs are on an employee’s computer. When the network is infiltrated, attackers may be able to access databases, communication programs, and more.