Taylor Regional Hospital
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Taylor Regional Hospital Data Breach
Taylor Regional Hospital in Campbellsville, Kentucky, experienced a significant data breach that was first identified on January 20, 2021, when unauthorized activity was detected on its computer systems[1]. The cyberattack brought down the hospital’s computer and phone systems, causing operational disruptions[2].
Breach Timeline and Impact
The unauthorized access to the hospital’s network began on November 2, 2021, and continued until January 19, 2022[5][8]. During this period, cybercriminals exfiltrated certain files from the hospital’s network[5]. The compromised information included patients’ names, addresses, dates of birth, Social Security numbers, insurance details, medical record numbers, and clinical information related to care received at Taylor Regional[5][8][11].
Notification and Legal Action
The hospital began notifying affected patients on March 31, 2022, which was ahead of the 60-day timeline required by the Health Insurance Portability and Accountability Act (HIPAA)[5]. Despite this, Taylor Regional Hospital faced criticism for not beginning to notify victims until April of the same year, five months after the breach began[3]. A proposed class action lawsuit was filed against the hospital, alleging that it failed to reasonably safeguard sensitive patient information and that the hospital’s notice of the breach was deficient in details[3].
Hospital’s Response
In response to the breach, Taylor Regional Hospital has been working to bolster the security of its systems and data stores[5]. The hospital encouraged patients to review statements from their healthcare providers or health insurers to defend against fraudulent activity[5]. However, the hospital did not offer credit monitoring services to the victims and instead encouraged them to monitor their credit themselves[3].
Number of Affected Patients
The breach affected a significant number of patients, with Taylor Regional Hospital notifying 190,209 individuals of the incident[11].
Current Status
As of the latest updates, Taylor Regional Hospital has restored most of its phone lines and has resumed normal operations, although some outages and delays continued to be reported[10]. The hospital has implemented enhanced security controls to prevent future cybersecurity incidents[10].
Patients affected by the breach have been advised to remain vigilant for signs of identity theft or fraud and to report any suspicious activity to their healthcare providers or insurers.
Citations:
- https://www.dataguidance.com/news/usa-taylor-regional-hospital-notifies-ocr-data-security
- https://www.healthcareinfosecurity.com/kentucky-hospital-still-struggles-one-week-after-cyberattack-a-18384
- https://www.classaction.org/news/taylor-regional-hospital-sued-over-2021-2022-patient-data-breach
- https://www.databreaches.net/ky-taylor-regional-hospital-phone-lines-still-down-after-reported-cyberattack-on-monday/
- https://www.scmagazine.com/analysis/amid-recovery-kentucky-hospital-details-cyberattack-discovered-in-january
- https://healthitsecurity.com/news/ky-hospital-systems-still-down-1-week-after-cybersecurity-incident
- https://www.hipaajournal.com/taylor-regional-hospital-still-recovering-from-january-cyberattack/
- https://www.beckershospitalreview.com/cybersecurity/kentucky-hospital-breach-exposed-phi.html
- https://classlawdc.com/2022/04/06/taylor-regional-hospital-data-breach-investigation/
- https://healthitsecurity.com/news/kentucky-tennessee-hospitals-begin-cybersecurity-incident-recovery
- https://www.databreaches.net/55000-there-190000-there-1-8-million-there-and-the-breaches-roll-on/