Dow Rummel Village

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Dow Rummel Village (DRV), an assisted-living healthcare organization located in South Dakota, experienced a significant data breach in early 2022. On February 14, 2022, DRV became aware of a potential business email compromise involving several of their email accounts. This incident led to the compromise of six email accounts as determined by a forensic investigation that concluded on March 21, 2022.

The data breach potentially involved the personal and protected health information of some individuals. The types of information that could have been compromised include first and last names, addresses, dates of birth, telephone numbers, social security numbers, email addresses, health plan beneficiary numbers, health insurance information, full-face photos or comparable images, UCI numbers (unique identifying numbers or codes generated by DRV for individuals), medical information, diagnosis, disability codes, and certificate/license numbers. It is important to note that no Social Security Numbers or financial account numbers were impacted by this breach

In response to the breach, DRV took immediate steps to secure the compromised accounts and engaged a specialized third-party cybersecurity firm to conduct a thorough investigation. DRV also began an extensive internal investigation, which included engaging a third-party data mining vendor to discover and review all files and emails in the compromised accounts to identify the specific individuals and the types of information that were potentially impacted

Despite the breach, DRV believes that the vast majority of impacted individuals’ personal information was not obtained. However, out of an abundance of caution, DRV has provided notification to all potentially impacted individuals, regardless of the specific information not being subject to unauthorized access or acquisition.

Breach Submission Date Jul 20, 2022
Converted Entity Name Dow Rummel Village
Converted Entity Type Healthcare Provider
State SD
Individuals Affected 1,079
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes