Murfreesboro Medical Clinic & SurgiCenter

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Murfreesboro Medical Clinic & SurgiCenter (MMC) in Tennessee experienced a significant healthcare data breach affecting approximately 559,000 individuals. The breach occurred as a result of a cyberattack by a well-known cyber extortion operation on April 22, 2023. MMC was forced to shut down its network and operations temporarily to contain the attack and prevent further damage. Despite efforts to determine the extent of the breach, MMC has been unable to confirm whether any personal information was actually accessed or removed from their network[1][3][5].

The data potentially compromised in the breach included names, addresses, driver’s licenses, diagnostic information, dependent information, medical record numbers, insurance enrollment information, and more. MMC responded by rebuilding their network with enhanced security features and controls to reduce the chance of a similar incident occurring in the future. Operations have since been fully restored, and to MMC’s knowledge, no data was lost as a result of the incident[1].

MMC sent out data breach notification letters on June 14, 2023, to those affected by the breach, advising them of the situation and the steps they can take to protect themselves from potential identity theft or fraud. MMC has offered 24 months of complimentary credit monitoring services to the affected individuals as a precaution[6][7].

The clinic, which operates multiple facilities and employs over 500 people, has been working with law enforcement and third-party experts to investigate the source and scope of the attack. MMC’s CEO has stated that they refused to pay the ransom demanded by the attackers, as advised by law enforcement and legal counsel, and on principle[4][8].

In the aftermath of the breach, a class action lawsuit has been filed against MMC, and the court has appointed an Interim Executive Counsel Committee to oversee the consolidated litigation. The lawsuit addresses the potential impact of the data breach on affected individuals[10].

For those seeking legal advice or who have been affected by the breach, data breach lawyers are available to discuss legal options and how to protect oneself from becoming a victim of fraud or identity theft[2][7].

Citations:

  1. https://healthitsecurity.com/news/murfreesboro-medical-clinic-confirms-559k-record-breach
  2. https://www.myinjuryattorney.com/murfreesboro-medical-clinic-surgicenter-data-breach-investigation/
  3. https://www.scmagazine.com/news/tennessee-health-system-stops-all-operations-amid-cyberattack-recovery
  4. https://www.dnj.com/story/news/2023/06/20/murfreesboro-medical-clinic-alerts-patients-at-risk-after-cyber-attack/70325490007/
  5. https://www.hipaajournal.com/ransomware-attack-results-shutdown-operations-tn-medical-clinic/
  6. https://www.hipaajournal.com/559000-individuals-affected-murfreesboro-medical-clinic-surgicenter-cyberattack/
  7. https://www.jdsupra.com/legalnews/murfreesboro-medical-clinic-surgicenter-1875046/
  8. https://www.campussafetymagazine.com/hospital/murfreesboro-medical-clinic-closes-for-2-weeks-ransomware-attack/
  9. https://www.databreaches.net/murfreesboro-medical-clinic-surgicenter-ransomware-attack-affected-559000-patients/
  10. https://shublawyers.com/current-cases/samantha-holbrook-appointed-to-the-executive-committee-counsel-in-murfreesboro-medical-clinic-data-breach-litigation/
  11. https://www.paubox.com/news/tennessee-clinic-confirms-over-500000-affected-by-ransomware-attack
Breach Submission Date Jun 21, 2023
Converted Entity Name Murfreesboro Medical Clinic & SurgiCenter
Converted Entity Type Healthcare Provider
State TN
Individuals Affected 559,000
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes