Southern Ohio Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Southern Ohio Medical Center (SOMC) in Portsmouth, Ohio, experienced a significant cyberattack on the morning of Thursday, November 11, 2021. This attack led to the hospital diverting ambulances to other hospitals as it worked to resolve the situation[1][8][10][12][16]. The cyberattack was targeted and resulted in SOMC’s computer servers being accessed by an unauthorized third party[8][16]. The hospital’s clinical systems were down, causing some procedures to be rescheduled, although it was reported that inpatient care was not affected[8][12][16].

In the aftermath of the cyberattack, SOMC worked with federal law enforcement and internet security firms to investigate the breach[8][16]. The incident was part of a larger trend of healthcare data breaches in Ohio and across the United States, where healthcare organizations are frequently targeted due to the sensitive patient information they hold[3][5].

In 2022, SOMC reported a network server breach as part of a larger list of healthcare data breaches in Ohio. This specific breach affected 15,136 individuals and was reported on April 26, 2022[3][5][7]. The type of breach was categorized as a Hacking/IT Incident[5][7].

Furthermore, there was a class action lawsuit settlement related to a data breach involving Bricker & Eckler, a law firm that provides legal services to healthcare systems including SOMC. The law firm experienced a ransomware attack in January 2021, which compromised the personal, medical, or financial information of individuals. Bricker & Eckler agreed to a $1.95 million settlement to resolve claims from the data breach[4][15].

Victims of the breach were eligible for compensation, and the deadline to submit a claim form expired on December 21, 2022[4][15]. The settlement provided cash reimbursement for unreimbursed and documented out-of-pocket losses and extraordinary out-of-pocket losses incurred due to the incident, as well as cash reimbursement for undocumented and documented time spent related to the incident[4][15].

Citations:

  1. https://www.hipaajournal.com/southern-ohio-medical-center-diverts-ambulances-due-to-cyberattack/
  2. https://www.wowktv.com/news/health/southern-ohio-medical-center-faces-targeted-cyber-attack/
  3. https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
  4. https://www.southernohiohealthsystemsdatabreachsettlement.com
  5. https://fox8.com/news/the-biggest-health-care-data-breaches-you-should-know-about-in-ohio/
  6. https://www.gs-legal.com/court-preliminarily-approves-1-95-million-settlement-in-in-re-southern-ohio-health-systems-data-breach-litigation/
  7. https://www.ohioattorneygeneral.gov/Media/News-Releases/October-2023/AG-Yost-Announces-Data-Breach-Settlement-with-Heal
  8. https://www.wowktv.com/news/health/southern-ohio-medical-center-diverting-ambulances-after-apparent-cyber-attack/
  9. https://www.cbsnews.com/news/prospect-medical-cyberattack-california-pennsylvania-hospital/
  10. https://spectrumnews1.com/oh/columbus/news/2021/11/18/southern-ohio-medical-center-cyberattack-impacts-hospital
  11. https://www.daytondailynews.com/gdpr.html
  12. https://www.wsaz.com/2021/11/11/somc-experiencing-an-unplanned-downtime-clinical-systems/
  13. https://www.wowktv.com/ohio-3/somc-still-dealing-with-effects-of-cyber-attack/
  14. https://www.somc.org/patients-visitors/privacy/
  15. https://topclassactions.com/lawsuit-settlements/closed-settlements/bricker-eckler-data-breach-1-9m-class-action-settlement/
  16. https://www.10tv.com/mobile/article/news/local/cyberattack-southern-ohio-medical-center-portsmouth/530-10b689f9-e2a1-463a-ad07-2e4783fc0a23
Breach Submission Date Jun 08, 2022
Converted Entity Name Southern Ohio Medical Center
Converted Entity Type Healthcare Provider
State OH
Individuals Affected 1,333
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes