Methodist Family Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Methodist Family Health (MFH), a healthcare provider based in Arkansas, experienced a significant data breach on March 4, 2023, which was first detected on March 6, 2023. This breach involved unauthorized access and copying of documents containing protected health information (PHI). The compromised information included, in some instances, patients’ full names, dates of birth, dates of admission or treatment, home addresses, account numbers, diagnoses, service charges, and medication information[1][4][6].

MFH is an organization dedicated to providing care to Arkansas children who are abandoned, abused, neglected, and those struggling with psychiatric, behavioral, emotional, and spiritual issues[4]. The breach affected various documents a business associate used to provide pharmacy services[1]. Following the detection of the breach, MFH acted promptly to terminate unauthorized access and took additional measures to strengthen privacy and data security[1][4][6].

Despite the breach, MFH officials have stated that there is no evidence to suggest that the information accessed has been or will be misused. However, they are notifying individuals whose information may have been involved in the breach and encouraging them to review account statements and credit reports closely for any suspicious activity[4][6]. As a precautionary measure, MFH recommends that affected individuals remain vigilant and report any fraudulent activity or suspected incidence of identity theft to the appropriate authorities[1].

MFH has also made resources available for those affected, including a toll-free number to contact their Chief Privacy Officer for further information and assistance[1][6]. The organization has emphasized its commitment to safeguarding patients’ PHI and continuously reviews and updates its internal processes and procedures to prevent future breaches[1][7].

This incident underscores the importance of robust cybersecurity measures and the need for continuous vigilance to protect sensitive health information in the digital age.

Citations:

  1. https://www.methodistfamily.org/patient-privacy-hipaa/
  2. https://www.methodistfamily.org
  3. https://www.expressnews.com/business/article/methodist-hospital-co-owner-hca-healthcare-18194374.php
  4. https://www.kark.com/news/local-news/arkansas-patient-info-part-of-methodist-family-health-data-breach/
  5. https://healthitsecurity.com/news/ex-methodist-staff-plead-guilty-to-illegal-phi-exposure-in-hipaa-violation-case
  6. https://www.thv11.com/article/tech/methodist-family-health-data-breach/91-9c56eea1-0b33-4f3c-89ac-8696a53fa127
  7. https://katv.com/news/local/methodist-family-health-notifying-some-arkansans-about-a-ransomware-attack-affecting-health-information-patients-phi-account-number-diagnosis-service-charges-data-breach-medication-full-names-identity-home-address-documents-business-responsible-trust
  8. https://www.methodistfamily.org/privacy-policy/
  9. https://youtube.com/watch?v=T0ndHVjD93c
  10. https://achi.net/newsroom/report-reveals-rural-arkansas-hospitals-concerns-about-cybersecurity/
  11. https://www.hipaajournal.com/5-healthcare-providers-suffer-phi-breaches/
Breach Submission Date May 03, 2023
Converted Entity Name Methodist Family Health
Converted Entity Type Healthcare Provider
State AR
Individuals Affected 5,259
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes