DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FBI alerts Owensboro Health to Breach at Muhlenberg Hospital; Breach Began in January, 2012

Posted on November 13, 2015 by Dissent

The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public breach tool, so the number potentially impacted is not known as of the time of this posting. Update: The breach impacted 84,681 patients.

OH Muhlenberg, LLC issued the following press release today:

Today, OH Muhlenberg, LLC announced that its hospital located in Greenville, KY, has experienced a security incident affecting some of the hospital’s computers. The hospital is providing notice to individuals that may have been affected by the incident and offering one year of complimentary identity protection services to those individuals. The hospital regrets any inconvenience or concern this incident may cause.

OH Muhlenberg, LLC acquired the Muhlenberg Community Hospital operations on July 1, 2015. Prior to that time, the hospital had been owned and operated by Muhlenberg Community Hospital since 1938. As part of the acquisition, OH Muhlenberg, LLC acquired substantially all of the assets of the hospital in Muhlenberg, including its computer systems, patient records and other records.

On September 16, 2015, the Federal Bureau of Investigation (FBI) notified the hospital of suspicious network activity involving third parties. Upon learning this information, the hospital took immediate action, including initiating an internal investigation and engaging a leading digital forensics and security firm to investigate this matter. Based upon this review, the hospital confirmed that a limited number of computers were infected with a keystroke logger designed to capture and transmit data as it was entered onto the affected computers. The infection may have started as early as January 2012.

The hospital understands the importance of protecting the privacy and security of its providers’, patients’ and employees’ information. Upon learning of the incident, the hospital took prompt steps to address and contain it, including immediately blocking the external unauthorized IP addresses, taking steps to disable the malware and continuing to enhance the security of its systems moving forward.

The affected computers were used to enter patient financial data and health information, information about persons responsible for a patient’s bill and employee/contractor data, including potentially name, address, telephone number(s), birthdate, Social Security number, driver’s license/state identification number, medical and health plan information (such health insurance number, medical record number, diagnoses and treatment information, and payment information), financial account number, payment card information (such as primary account number and expiration date) and employment-related information. Additionally, some credentialing-related information for providers may be impacted. The hospital also believes that the malware could have captured username and password information for accounts or websites that were accessed by employees, contractors or providers using the affected terminals. The hospital has no indication that the data has been used inappropriately.

However, out of an abundance of caution, OH Muhlenberg, LLC is providing notice to individuals whose information was maintained in the hospital’s electronic patient records database; persons employed by or contracted for specific services by the hospital on and after January 1, 2012; as well as providers who were credentialed or re-credentialed for privileges at the hospital in 2012.

More information for potentially affected individuals, including on ways to help protect themselves, is available on the hospital’s website: www.owensborohealth.org/muhlenbergprivacy. Affected individuals with questions should call 877-271-1568 from anywhere within the United States or at 503-520-4450 from outside the United States (tolls may apply), Monday-Friday, from 9 a.m. – 9 p.m. EST.

Owensboro Health Muhlenberg Community Hospital is a 135-bed, acute care hospital committed to healing the sick and improving the health of the communities we serve. Now part of Owensboro Health, the hospital has been the healthcare leader in the community for more than 78 years. Services include acute care, surgery, a long term care facility, home health, Rapid Care, Pain Management Center, Wound Care Center, rehabilitation services, sports medicine, emergency services, Occupational Health Screening Center, one of two Coal Miners’ Respiratory Clinics in Kentucky, and a Sleep Lab. The hospital has over 500 staff members, two specialists and five family and internal medicine practices. Visit: www.owensborohealth.org for additional information.

SOURCE: Owensboro Health

Category: Health DataMalwareOf Note

Post navigation

← UK: Nutmeg customers caught in data breach
MoD-founded firm Niteworks loses login creds of UK defence folk →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.