DataBreaches.Net

FBI alerts Owensboro Health to Breach at Muhlenberg Hospital; Breach Began in January, 2012

Posted on November 13, 2015 by Dissent

The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public breach tool, so the number potentially impacted is not known as of the time of this posting. Update: The breach impacted 84,681 patients.

OH Muhlenberg, LLC issued the following press release today:

Today, OH Muhlenberg, LLC announced that its hospital located in Greenville, KY, has experienced a security incident affecting some of the hospital’s computers. The hospital is providing notice to individuals that may have been affected by the incident and offering one year of complimentary identity protection services to those individuals. The hospital regrets any inconvenience or concern this incident may cause.

OH Muhlenberg, LLC acquired the Muhlenberg Community Hospital operations on July 1, 2015. Prior to that time, the hospital had been owned and operated by Muhlenberg Community Hospital since 1938. As part of the acquisition, OH Muhlenberg, LLC acquired substantially all of the assets of the hospital in Muhlenberg, including its computer systems, patient records and other records.

On September 16, 2015, the Federal Bureau of Investigation (FBI) notified the hospital of suspicious network activity involving third parties. Upon learning this information, the hospital took immediate action, including initiating an internal investigation and engaging a leading digital forensics and security firm to investigate this matter. Based upon this review, the hospital confirmed that a limited number of computers were infected with a keystroke logger designed to capture and transmit data as it was entered onto the affected computers. The infection may have started as early as January 2012.

The hospital understands the importance of protecting the privacy and security of its providers’, patients’ and employees’ information. Upon learning of the incident, the hospital took prompt steps to address and contain it, including immediately blocking the external unauthorized IP addresses, taking steps to disable the malware and continuing to enhance the security of its systems moving forward.

The affected computers were used to enter patient financial data and health information, information about persons responsible for a patient’s bill and employee/contractor data, including potentially name, address, telephone number(s), birthdate, Social Security number, driver’s license/state identification number, medical and health plan information (such as health insurance number, medical record number, diagnoses and treatment information, and payment information), financial account number, payment card information (such as primary account number and expiration date) and employment-related information. Additionally, some credentialing-related information for providers may be impacted. The hospital also believes that the malware could have captured username and password information for accounts or websites that were accessed by employees, contractors or providers using the affected terminals. The hospital has no indication that the data has been used inappropriately.

However, out of an abundance of caution, OH Muhlenberg, LLC is providing notice to individuals whose information was maintained in the hospital’s electronic patient records database; persons employed by or contracted for specific services by the hospital on and after January 1, 2012; as well as providers who were credentialed or re-credentialed for privileges at the hospital in 2012.

More information for potentially affected individuals, including on ways to help protect themselves, is available on the hospital’s website: www.owensborohealth.org/muhlenbergprivacy. Affected individuals with questions should call 877-271-1568 from anywhere within the United States or at 503-520-4450 from outside the United States (tolls may apply), Monday-Friday, from 9 a.m. – 9 p.m. EST.

Owensboro Health Muhlenberg Community Hospital is a 135-bed, acute care hospital committed to healing the sick and improving the health of the communities we serve. Now part of Owensboro Health, the hospital has been the healthcare leader in the community for more than 78 years. Services include acute care, surgery, a long term care facility, home health, Rapid Care, Pain Management Center, Wound Care Center, rehabilitation services, sports medicine, emergency services, Occupational Health Screening Center, one of two Coal Miners’ Respiratory Clinics in Kentucky, and a Sleep Lab. The hospital has over 500 staff members, two specialists and five family and internal medicine practices. Visit: www.owensborohealth.org for additional information.

SOURCE: Owensboro Health

Category: Health Data, Malware, Of Note
