Dow Rummel Village
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Dow Rummel Village (DRV), an assisted-living healthcare organization located in South Dakota, experienced a significant data breach in early 2022. On February 14, 2022, DRV became aware of a potential business email compromise involving several of their email accounts. This incident led to the compromise of six email accounts as determined by a forensic investigation that concluded on March 21, 2022.
The data breach potentially involved the personal and protected health information of some individuals. The types of information that could have been compromised include first and last names, addresses, dates of birth, telephone numbers, social security numbers, email addresses, health plan beneficiary numbers, health insurance information, full-face photos or comparable images, UCI numbers (unique identifying numbers or codes generated by DRV for individuals), medical information, diagnosis, disability codes, and certificate/license numbers. It is important to note that no Social Security Numbers or financial account numbers were impacted by this breach
In response to the breach, DRV took immediate steps to secure the compromised accounts and engaged a specialized third-party cybersecurity firm to conduct a thorough investigation. DRV also began an extensive internal investigation, which included engaging a third-party data mining vendor to discover and review all files and emails in the compromised accounts to identify the specific individuals and the types of information that were potentially impacted
Despite the breach, DRV believes that the vast majority of impacted individuals’ personal information was not obtained. However, out of an abundance of caution, DRV has provided notification to all potentially impacted individuals, regardless of the specific information not being subject to unauthorized access or acquisition.