Labette Health

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

Labette Health, a healthcare provider located in Parsons, Kansas, experienced a significant data breach in October 2021. Between October 15 and October 24, an unauthorized party accessed Labette Health’s network, potentially accessing and exfiltrating sensitive patient and employee information. The compromised data included names, Social Security numbers, treatment costs, dates of service, Medicare or Medicaid numbers, treatment and diagnosis information, prescription information, and health insurance information. Labette Health began notifying affected individuals on March 11, 2022, emphasizing the importance of vigilance in monitoring account statements and financial activities[1][2].

In response to the breach, Labette Health implemented several security improvements, including more robust password security policies, multi-factor authentication, increased employee training, and upgraded endpoint detection software[1]. Despite these measures, the breach had significant repercussions. A lawsuit filed against Labette Health highlighted the removal of files containing personal information of more than 85,000 patients and employees. Plaintiffs sought to represent a class of victims affected by the data breach, alleging various damages, including unauthorized bank charges and increased spam communications. The lawsuit also noted that some plaintiffs’ personal information was found on the dark web following the breach[3].

However, a potential class action lawsuit against Labette Health was dismissed for lack of standing, as the plaintiffs failed to demonstrate concrete injury traceable to the breach or the hospital’s actions[9][12][13]. This legal outcome underscores the challenges in establishing direct harm and causation in data breach litigation.

Labette Health’s data breach was part of a larger trend of cyberattacks targeting healthcare institutions, which hold sensitive patient information. Such breaches not only compromise the privacy and security of individuals’ personal and health information but also expose healthcare providers to legal, financial, and reputational risks[7].

In summary, the Labette Health data breach in October 2021 resulted in the potential exposure of sensitive information of an undisclosed number of individuals. Despite the healthcare provider’s efforts to mitigate the breach’s impact and enhance its cybersecurity measures, the incident highlights the ongoing challenges and consequences of securing personal and health information in the digital age[1][2][3].

Citations:

  1. https://healthitsecurity.com/news/labette-health-capital-region-medical-center-confirm-data-breaches
  2. https://www.databreaches.net/ks-labette-health-discloses-october-2021-data-security-incident/
  3. https://www.anylaw.com/case/blood-et-al-v-labette-county-medical-center/d-kansas/10-20-2022/N6xu-YMBBbMzbfNVtDdc
  4. https://www.thelyonfirm.com/class-action/data-breach/labette-health/
  5. https://www.parsonssun.com/news/article_e0ccefb6-a1a3-11ec-9604-5bfd7ba78594.html
  6. https://law.justia.com/cases/federal/district-courts/kansas/ksdce/2:2022cv02411/143889/12/
  7. https://www.ksn.com/news/state-regional/biggest-health-care-data-breaches-you-should-know-about-in-kansas/
  8. https://www.labettehealth.com/media/2624/final-medical-staff-bylaws-approved-may-4-2023-c.pdf
  9. https://www.databreaches.net/lawsuit-against-labette-health-dismissed/
  10. https://www.hipaajournal.com/capital-region-medical-center-and-labette-health-announce-potential-phi-breaches/
  11. https://classlawdc.com/2022/03/23/labette-health-data-breach-investigation/
  12. https://news.bloomberglaw.com/litigation/hospital-data-breach-class-action-rejected-due-to-infirm-claims
  13. https://www.lexology.com/library/detail.aspx?g=e5b48ec6-9e25-47cc-95ae-a35b0fcc7ca7

Breach Submission Date: Mar 11, 2022
Converted Entity Name: Labette Health
Converted Entity Type: Healthcare Provider
State: KS
Individuals Affected: 85,635
Breach Type: Hacking/IT Incident
Breach Information Location: Network Server
Business Associate Present: Yes