Taylor Regional Hospital

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Taylor Regional Hospital Data Breach

Taylor Regional Hospital in Campbellsville, Kentucky, experienced a significant data breach that was first identified on January 20, 2021, when unauthorized activity was detected on its computer systems[1]. The cyberattack brought down the hospital’s computer and phone systems, causing operational disruptions[2].

Breach Timeline and Impact

The unauthorized access to the hospital’s network began on November 2, 2021, and continued until January 19, 2022[5][8]. During this period, cybercriminals exfiltrated certain files from the hospital’s network[5]. The compromised information included patients’ names, addresses, dates of birth, Social Security numbers, insurance details, medical record numbers, and clinical information related to care received at Taylor Regional[5][8][11].

Notification and Legal Action

The hospital began notifying affected patients on March 31, 2022, which was ahead of the 60-day timeline required by the Health Insurance Portability and Accountability Act (HIPAA)[5]. Despite this, Taylor Regional Hospital faced criticism for not beginning to notify victims until April of the same year, five months after the breach began[3]. A proposed class action lawsuit was filed against the hospital, alleging that it failed to reasonably safeguard sensitive patient information and that the hospital’s notice of the breach was deficient in details[3].

Hospital’s Response

In response to the breach, Taylor Regional Hospital has been working to bolster the security of its systems and data stores[5]. The hospital encouraged patients to review statements from their healthcare providers or health insurers to defend against fraudulent activity[5]. However, the hospital did not offer credit monitoring services to the victims and instead encouraged them to monitor their credit themselves[3].

Number of Affected Patients

The breach affected a significant number of patients, with Taylor Regional Hospital notifying 190,209 individuals of the incident[11].

Current Status

As of the latest updates, Taylor Regional Hospital has restored most of its phone lines and has resumed normal operations, although some outages and delays continued to be reported[10]. The hospital has implemented enhanced security controls to prevent future cybersecurity incidents[10].

Patients affected by the breach have been advised to remain vigilant for signs of identity theft or fraud and to report any suspicious activity to their healthcare providers or insurers.

Citations:

  1. https://www.dataguidance.com/news/usa-taylor-regional-hospital-notifies-ocr-data-security
  2. https://www.healthcareinfosecurity.com/kentucky-hospital-still-struggles-one-week-after-cyberattack-a-18384
  3. https://www.classaction.org/news/taylor-regional-hospital-sued-over-2021-2022-patient-data-breach
  4. https://www.databreaches.net/ky-taylor-regional-hospital-phone-lines-still-down-after-reported-cyberattack-on-monday/
  5. https://www.scmagazine.com/analysis/amid-recovery-kentucky-hospital-details-cyberattack-discovered-in-january
  6. https://healthitsecurity.com/news/ky-hospital-systems-still-down-1-week-after-cybersecurity-incident
  7. https://www.hipaajournal.com/taylor-regional-hospital-still-recovering-from-january-cyberattack/
  8. https://www.beckershospitalreview.com/cybersecurity/kentucky-hospital-breach-exposed-phi.html
  9. https://classlawdc.com/2022/04/06/taylor-regional-hospital-data-breach-investigation/
  10. https://healthitsecurity.com/news/kentucky-tennessee-hospitals-begin-cybersecurity-incident-recovery
  11. https://www.databreaches.net/55000-there-190000-there-1-8-million-there-and-the-breaches-roll-on/
Breach Submission Date Mar 21, 2022
Converted Entity Name Taylor Regional Hospital
Converted Entity Type Healthcare Provider
State KY
Individuals Affected 190,209
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes