Bryan County Ambulance Authority

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Bryan County Ambulance Authority in Oklahoma experienced a significant cybersecurity incident in November 2021, which was identified as a ransomware attack. This incident led to the encryption of files stored on the authority’s systems, prompting immediate actions to disable unauthorized access and restore the encrypted data. The breach affected a total of 14,273 individuals, as reported to the Office for Civil Rights (OCR) data breach portal. The breach notification to the OCR and the commencement of patient notifications occurred on May 18, 2022, which is notable because the HIPAA Breach Notification Rule mandates that covered entities report healthcare data breaches within 60 days of discovery.

The ransomware attack on the Bryan County Ambulance Authority was part of a broader trend observed in May 2022, which saw a 25% increase in healthcare data breaches of 500 or more records compared to previous periods. This spike in incidents highlights the growing challenge of cybersecurity within the healthcare sector. The specific types of personal information compromised in the Bryan County Ambulance Authority incident included patients’ and research participants’ names, birth dates, medical record or patient account numbers, addresses, diagnoses, provider names, dates of service, and some health insurance information and Social Security numbers. However, the breach notification did not specify the exact types of data stolen in the ransomware attack.

In response to the incident, the Bryan County Ambulance Authority undertook an investigation with the help of a computer forensic firm and implemented measures to reinforce education among its staff on identifying and avoiding suspicious emails. Additionally, affected individuals were offered complimentary identity theft protection services as a precautionary measure to mitigate potential harm from the breach[1][2][3][5].

This incident underscores the importance of robust cybersecurity measures and prompt incident response protocols within the healthcare industry to protect sensitive patient information from unauthorized access and ensure compliance with regulatory requirements.

Citations:

  1. https://healthitsecurity.com/news/bryan-county-ambulance-authority-in-oklahoma-faces-ransomware-14k-impacted
  2. https://www.hipaajournal.com/may-2022-healthcare-data-breach-report/
  3. https://mednetconcepts.com/mednetconnect/bryan-county-ambulance-authority-in-oklahoma-faces-ransomware-14k-impacted/
  4. https://twitter.com/SecurityHIT/status/1529459363513044992
  5. https://www.healthcarecompliancejournal.com/theft-incident-at-sac-health-and-ransomware-attacks-on-bryan-county-ambulance-authority-and-lifespan-services/?amp=1
  6. https://www.hipaajournal.com/sac-health-theft-incident-and-multiple-ransomware-attacks-reported/
  7. https://thehipaaetool.com/ambulance-services-face-health-privacy-challenges/
  8. https://www.sai.ok.gov/Search%20Reports/database/Bryan%20CO%20EMS%20FY%2021%20with%20findings%20web%20final.%20.pdf
  9. https://stacker.com/oklahoma/biggest-health-care-data-breaches-you-should-know-about-oklahoma
Breach Submission Date May 18, 2022
Converted Entity Name Bryan County Ambulance Authority
Converted Entity Type Healthcare Provider
State OK
Individuals Affected 14,273
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes