McAlester Regional Health Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The McAlester Regional Health Center in McAlester, Oklahoma, experienced a significant data breach that was discovered on May 8, 2023. The breach occurred between April 13, 2023, and April 24, 2023, affecting a total of 37,731 individuals, including 4 residents of Maine. The breach was identified as an external system breach (hacking), leading to unauthorized access to sensitive information[1].

The compromised information included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and other government ID numbers. In response to the breach, McAlester Regional Health Center took immediate action to secure its network and engaged a third-party cybersecurity firm to investigate the incident. The investigation confirmed that files containing patient data had been exposed. A third-party vendor was also engaged to review the affected files, completing the process on October 23, 2023[2].

As part of the remediation efforts, McAlester Regional Health Center tightened firewall restrictions, rewrote and strengthened its password policy, implemented password changes across the organization for every account, and increased restrictions on file sharing. Affected individuals were notified on November 15, 2023, and were provided with complimentary single-bureau credit monitoring services at no cost[2].

The breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) on August 21, 2023. The notification to affected individuals included details about the breach and offered guidance on how to protect themselves from potential fraud or identity theft[4].

In addition to the immediate response, McAlester Regional Health Center has provided affected individuals with 12 months of credit monitoring and identity protection services through Cyberscout, a TransUnion company. This service aims to assist in fraud detection and resolution, offering some peace of mind to those impacted by the breach[1].

This incident underscores the importance of robust cybersecurity measures in protecting sensitive health information and the need for prompt action and transparency in the event of a data breach.

Citations:

  1. https://apps.web.maine.gov/online/aeviewer/ME/40/168cea52-014b-4cbe-92be-4cb5c1fcc1ed.shtml
  2. https://www.hipaajournal.com/healthcare-data-breach-round-up-november-16-2023/
  3. https://www.dhs.gov
  4. https://www.jdsupra.com/legalnews/mcalester-regional-health-center-files-4573269/
  5. https://www.fsa.usda.gov
  6. https://cybernews.com/news/hackers-threaten-to-auction-off-dna-patient-records-from-ok-hospital/
  7. https://jobs.walgreens.com/en/search-jobs
  8. https://www.turkestrauss.com/2023/08/28/mcalester-regional-health-center-data-breach-investigation/
  9. https://www.hipaajournal.com/couple-sues-mcalester-hospital-over-alleged-snooping-and-impermissible-disclosure/
  10. https://www.myinjuryattorney.com/mcalester-regional-health-center-data-breach-investigation/
  11. https://www.beckershospitalreview.com/cybersecurity/hackers-threaten-to-auction-oklahoma-hospital-data.html
  12. https://classlawdc.com/2023/09/01/mcalester-regional-health-center-data-breach-investigation/
  13. https://www.mass.gov/doc/assigned-data-breach-number-30963-mcalester-regional-health-center-11-15-23/download
Breach Submission Date Aug 21, 2023
Converted Entity Name McAlester Regional Health Center
Converted Entity Type Healthcare Provider
State OK
Individuals Affected 37,731
Breach Type Hacking/IT Incident

Breach Information Location Desktop Computer, Network Server

Business Associate Present Yes