Mercy Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Mercy Medical Center in Cedar Rapids, Iowa, has experienced a significant security breach affecting the personal information of approximately 97,000 patients. The breach was linked to a third-party vendor, Perry Johnson & Associates (PJA), which provided transcription services to the hospital from May 2, 2011, to May 31, 2014. PJA discovered a “security incident” on May 2, 2023, when an unauthorized person accessed some of its systems and demanded a ransom. PJA responded by initiating an investigation and hiring a cybersecurity expert to contain the threat and secure their systems[1][4][6].
The compromised data included patients’ names, birth dates, addresses, Social Security numbers, and medical record information such as patient account numbers and dates of admission, discharge, and examination[1][2][4]. Mercy Medical Center has since notified affected patients and recommended that they remain vigilant by reviewing account statements, monitoring free credit reports, and reporting any suspicious activity to law enforcement[1].
The breach did not involve unauthorized access to Mercy Medical Center’s own computer systems and did not impact the hospital’s ability to care for patients[1][4]. The hospital has offered free credit monitoring services to affected patients and has directed them to national consumer reporting agencies to place a free security freeze and fraud alert on their credit reports[1].
The incident was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights on November 3, making it the second-largest breach under investigation in the last two years[1]. Health care data breaches have been on the rise, with 2021 seeing the highest number of data breaches affecting more than 500 people on record[1].
Citations:
- https://www.thegazette.com/health-care-medicine/mercy-medical-center-alerts-97k-patients-at-risk-in-security-breach/
- https://www.jmlawyer.com/blog/mercy-medical-center-data-breach/
- https://www.mercycare.org
- https://www.beckershospitalreview.com/cybersecurity/iowa-hospital-caught-in-vendor-breach.html
- https://atriumhealth.org
- https://www.kwwl.com/news/crime-courts/perry-johnson-associates-mercy-medical-center-affected-by-security-breach/article_9259c68a-9623-11ee-992f-d701419f665d.html
- https://abcnews.go.com
- https://www.bankinfosecurity.com/iowa-medical-center-latest-victim-transcription-firm-hack-a-23929
- https://www.kctv5.com/news/
- https://www.nrtoday.com/news/health/chi-mercy-medical-center-one-of-34-hospitals-affected-by-recent-data-breach/article_de4fe296-95fa-11ee-946e-e3ad9c434c5c.html
- https://www.cbsnews.com/?ftag=CNM-16-10abc6g
- https://joinclassactions.com/class_actions/mercy-medical-center-data-breach/
- https://www.thestate.com
- https://www.lawampm.com/mercy-medical-center-data-breach/
- https://fadv.com
- https://www.bitdefender.com/blog/hotforsecurity/mercy-iowa-city-discloses-highly-sensitive-data-breach-impacting-over-60000-iowans/
- https://www.ticketsatwork.com/tickets/