Columbus Regional Healthcare System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Columbus Regional Healthcare System (CRHS) in Whiteville, North Carolina, experienced a significant data breach between May 19 and May 21, 2023. This cybersecurity incident led to unauthorized access to the healthcare system’s network, during which files containing sensitive patient information were removed. The breach was discovered following an investigation that concluded on December 28, 2023. As a result, CRHS has notified 132,887 individuals whose data may have been compromised[1][2][4][6].

The types of personal information involved in the breach varied from individual to individual but may have included names in combination with one or more of the following: Social Security numbers, dates of birth, driver’s license numbers, state identification numbers, passport numbers, alien registration numbers, financial account information, medical information (such as dates of service, treatment/diagnosis information, medical record numbers, patient account numbers, and prescription information), and health insurance policy information[1][2].

In response to the breach, Columbus Regional Healthcare System has offered complimentary credit monitoring services to individuals whose Social Security numbers were exposed. The healthcare system has also stated that it has implemented additional safeguards to protect against future unauthorized access and is continually evaluating and modifying its practices and internal controls to enhance the security and privacy of personal information[1][2].

The breach was reportedly the result of a ransomware attack by the Daixin ransomware group, which claimed to have exfiltrated 70 gigabytes of data from CRHS and threatened to leak more than 250,000 files. The group initially demanded $2 million but later reduced their demand to $1 million. However, negotiations between CRHS and the ransomware group eventually ceased[3][8][10][12].

Columbus Regional Healthcare System has not publicly confirmed the specifics of the ransomware attack or the negotiations with the Daixin group. However, the incident has been reported to the appropriate authorities, and affected individuals have been advised to monitor their account statements and credit reports for potential fraudulent activity[1][2][3][8][10][12].

This data breach underscores the ongoing challenges healthcare systems face in protecting sensitive patient information against increasingly sophisticated cyber threats.

Citations:

  1. https://www.hipaajournal.com/columbus-regional-healthcare-data-breach/
  2. https://www.wect.com/2024/01/23/columbus-regional-healthcare-system-says-data-was-breached-last-year/
  3. https://www.beckershospitalreview.com/cybersecurity/ransomware-gang-reportedly-hacks-north-carolina-health-system.html
  4. https://www.jdsupra.com/legalnews/columbus-regional-healthcare-system-7649938/
  5. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  6. https://www.beckershospitalreview.com/cybersecurity/132-000-patients-impacted-by-north-carolina-hospital-breach.html
  7. https://healthitsecurity.com/news/insurance-broker-data-breach-impacts-1.5m-individuals
  8. https://www.jdsupra.com/legalnews/columbus-regional-healthcare-system-7266959/
  9. https://www.hipaajournal.com/hipaa-breaches/
  10. https://www.thelyonfirm.com/blog/columbus-regional-healthcare-data-breach-investigation/
  11. https://www.idstrong.com/sentinel/singing-river-health-strangled-by-network-ransomware-encryptions/
  12. https://www.databreaches.net/another-hospital-hit-by-ransomware-columbus-regional-healthcare-system-in-north-carolina-hit-by-daixin/
  13. https://www.idstrong.com/sentinel/mental-health-center-targeted-by-disruptions/
  14. https://www.msdlegal.com/blog/2024/01/columbus-regional-healthcare-system-data-breach-class-action-lawsuit-investigation/
  15. https://www.wfae.org/health/2018-11-27/atrium-says-hackers-accessed-its-billing-records
  16. https://foxwilmington.com/local-news/columbus-regional-healthcare-system-says-data-was-breached-last-year/
  17. https://www.hipaa.info/hipaa-news/
Breach Submission Date Jan 19, 2024
Converted Entity Name Columbus Regional Healthcare System
Converted Entity Type Healthcare Provider
State NC
Individuals Affected 132,887
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes