Cheyenne Regional Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Breach at Cheyenne Regional Medical Center

Cheyenne Regional Medical Center (CRMC) experienced a data breach when a former employee improperly accessed the health records of approximately 1,600 patients. The unauthorized access occurred over a nearly two-year period, from August 31, 2020, to May 26, 2022[1][3][5].

The former employee had legitimate access to the hospital’s electronic health records system, but the specific records viewed were outside the scope of her job responsibilities. The information accessed included names, dates of birth, social security numbers, dates of care, medical record numbers, diagnoses, and treatments[1][3][5].

The breach was discovered after a report was made to the hospital, prompting an internal investigation. Although the investigation confirmed the unauthorized access, there was no evidence to suggest that the information was misused or retained by the former employee[3][5].

In response to the incident, CRMC took immediate action and has since implemented an IT audit trail to monitor and ensure that employees access records only for legitimate job-related reasons. The hospital also plans to send notification letters to the affected patients[1][5].

The incident was reported to the U.S. Department of Health and Human Services and was listed on their breach site as impacting 1,652 patients[3]. Cheyenne Regional Medical Center expressed regret for the incident and committed to working with individuals who may have questions or concerns[5].

Citations:

  1. https://cowboystatedaily.com/2022/07/06/former-cheyenne-hospital-employee-accessed-records-of-1600-patients/
  2. https://www.thecheyennepost.com/lifestyles/health/cheyenne-regional-medical-center-opens-mobile-program/article_6925c11a-d01b-11ee-a8c3-837b8a5e54a6.html
  3. https://www.databreaches.net/wy-former-employee-inappropriately-accessed-cheyenne-regional-medical-center-patient-health-records/
  4. https://capcity.news/community/2023/08/22/cheyenne-regional-medical-center-launches-new-website/
  5. https://www.beckershospitalreview.com/ehrs/former-wyoming-hospital-employee-caught-snooping-in-patient-medical-records.html
  6. https://www.wyomingnewsnow.tv/2024/02/01/cheyenne-regional-medical-center-hose-15th-annual-wake-up-heart-health-event/
  7. https://www.wyomingnews.com/news/local_news/cheyenne-regional-payroll-impacted-by-ransomware-attack/article_93ec2ba9-91b8-57b8-a262-6a61c7a89ae7.html
  8. https://www.wyomingnews.com/news/local_news/public-gets-a-first-look-at-cheyenne-regional-medical-center-s-new-icu/article_577434e8-7a93-11ee-8413-334a5d196c23.html
  9. https://www.hipaajournal.com/patients-notified-of-phishing-attack-at-cheyenne-regional-medical-center/
  10. https://www.gillettenewsrecord.com/news/wyoming/article_0a67429f-4cfb-52ce-976f-2fac1cc755a5.html
  11. https://www.netsec.news/cheyenne-regional-medical-center-experiences-phishing-attack/
  12. https://cowboystatedaily.com/2023/11/22/cheyenne-transient-accused-of-sexually-attacking-hospital-nurse/
  13. https://oig.hhs.gov/fraud/enforcement/cheyenne-regional-medical-center-agreed-to-pay-2-million-for-allegedly-violating-the-civil-monetary-penalties-law-by-paying-remuneration-in-the-form-of-rent-above-fair-market-value/
  14. https://www.wyomingnewsnow.tv/2023/12/16/blue-fcu-donates-mastectomy-pillows-cheyenne-regional-medical-center/
  15. https://www.cheyenneregional.org/notice-of-privacy-practices/
  16. https://capcity.news/community/county-community/2024/02/06/cheyenne-regional-medical-center-receives-over-100k-to-combat-community-gambling-addiction/
Breach Submission Date Jul 05, 2022
Converted Entity Name Cheyenne Regional Medical Center
Converted Entity Type Healthcare Provider
State WY
Individuals Affected 1,652
Breach Type Unauthorized Access/Disclosure

Breach Information Location Desktop Computer, Electronic Medical Record

Business Associate Present Yes