Capital Region Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In December 2021, Capital Region Medical Center (CRMC) in Jefferson City, Missouri, experienced a significant cybersecurity incident that led to the unauthorized access of sensitive data. On December 17, 2021, CRMC detected suspicious activity on its network systems, which was immediately followed by the disabling of their network as a precautionary measure. An investigation was launched with the assistance of a third-party cybersecurity firm, and law enforcement was notified. The public was informed of the incident on December 23, 2021[1][3].
The breach investigation revealed that an unauthorized third party had gained access to files containing personal and health information of CRMC employees and, potentially, patients. The compromised data included names, dates of birth, full mailing addresses, medical information, health insurance information, Social Security numbers, and driver’s license numbers[1][2]. Despite the breach, there was no indication that electronic medical health records were accessed. However, due to the sensitive nature of the accessed information, CRMC offered affected individuals two years of complimentary credit monitoring services to mitigate the risk of fraud or identity theft[1].
The incident is part of a larger trend of cyberattacks targeting healthcare facilities, with hundreds of hospitals across the United States, including in Missouri, being affected by similar incidents. These attacks have had long-lasting effects on the operations and security practices of the involved healthcare providers[4].
In response to the breach, CRMC has taken steps to enhance its cybersecurity measures and continues to evaluate its security practices to prevent future incidents. The breach has raised concerns about the adequacy of data security systems in healthcare facilities and the legal obligations of these entities to protect patient and employee information[3].
Legal investigations and potential class-action lawsuits have been initiated by law firms specializing in data breach cases, aiming to hold CRMC accountable for failing to safeguard sensitive patient information and to seek compensation for affected individuals[2][5]. These legal actions highlight the growing scrutiny and legal challenges faced by organizations that experience data breaches, emphasizing the importance of robust cybersecurity measures and prompt incident response protocols.
Citations:
- https://www.mass.gov/doc/assigned-data-breach-number-26274-capital-region-medical-center/download
- https://classlawdc.com/2022/03/23/capital-region-medical-center-data-breach-investigation/
- https://www.jdsupra.com/legalnews/data-breach-alert-capital-region-3143692/
- https://www.kcur.org/2023-03-30/a-group-of-hackers-has-hit-hundreds-of-hospitals-including-in-missouri-the-effects-last-years
- https://www.thelyonfirm.com/class-action/data-breach/capital-region-medical/
- https://www.scmagazine.com/analysis/capital-region-medical-center-reports-system-wide-network-outage
- https://www.doj.nh.gov/consumer/security-breaches/documents/capital-region-medical-center-20220325.pdf
- https://healthitsecurity.com/news/labette-health-capital-region-medical-center-confirm-data-breaches
- https://www.hipaajournal.com/capital-region-medical-center-and-labette-health-announce-potential-phi-breaches/
- https://www.komu.com/news/midmissourinews/patient-information-released-in-capital-region-medical-center-cybersecurity-incident/article_2af141f4-6e47-11ec-a014-7bcf096a1252.html
- https://www.newstribune.com/news/2021/dec/23/capital-region-medical-center-targeted-in-cyber/