Bryan County Ambulance Authority
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Bryan County Ambulance Authority in Oklahoma experienced a significant cybersecurity incident in November 2021, which was identified as a ransomware attack. This incident led to the encryption of files stored on the authority’s systems, prompting immediate actions to disable unauthorized access and restore the encrypted data. The breach affected a total of 14,273 individuals, as reported to the Office for Civil Rights (OCR) data breach portal. The breach notification to the OCR and the commencement of patient notifications occurred on May 18, 2022, which is notable because the HIPAA Breach Notification Rule mandates that covered entities report healthcare data breaches within 60 days of discovery.
The ransomware attack on the Bryan County Ambulance Authority was part of a broader trend observed in May 2022, which saw a 25% increase in healthcare data breaches of 500 or more records compared to previous periods. This spike in incidents highlights the growing challenge of cybersecurity within the healthcare sector. The specific types of personal information compromised in the Bryan County Ambulance Authority incident included patients’ and research participants’ names, birth dates, medical record or patient account numbers, addresses, diagnoses, provider names, dates of service, and some health insurance information and Social Security numbers. However, the breach notification did not specify the exact types of data stolen in the ransomware attack.
In response to the incident, the Bryan County Ambulance Authority undertook an investigation with the help of a computer forensic firm and implemented measures to reinforce education among its staff on identifying and avoiding suspicious emails. Additionally, affected individuals were offered complimentary identity theft protection services as a precautionary measure to mitigate potential harm from the breach[1][2][3][5].
This incident underscores the importance of robust cybersecurity measures and prompt incident response protocols within the healthcare industry to protect sensitive patient information from unauthorized access and ensure compliance with regulatory requirements.
Citations:
- https://healthitsecurity.com/news/bryan-county-ambulance-authority-in-oklahoma-faces-ransomware-14k-impacted
- https://www.hipaajournal.com/may-2022-healthcare-data-breach-report/
- https://mednetconcepts.com/mednetconnect/bryan-county-ambulance-authority-in-oklahoma-faces-ransomware-14k-impacted/
- https://twitter.com/SecurityHIT/status/1529459363513044992
- https://www.healthcarecompliancejournal.com/theft-incident-at-sac-health-and-ransomware-attacks-on-bryan-county-ambulance-authority-and-lifespan-services/?amp=1
- https://www.hipaajournal.com/sac-health-theft-incident-and-multiple-ransomware-attacks-reported/
- https://thehipaaetool.com/ambulance-services-face-health-privacy-challenges/
- https://www.sai.ok.gov/Search%20Reports/database/Bryan%20CO%20EMS%20FY%2021%20with%20findings%20web%20final.%20.pdf
- https://stacker.com/oklahoma/biggest-health-care-data-breaches-you-should-know-about-oklahoma