UPDATED May 17, 2022: This incident was reported to the Maine Attorney General’s Office as affecting 98,746 patients. The “501” marker submitted to HHS on February 11, 2022 has not yet been updated on HHS’s website.
Another disclosure heading into the weekend, but credit to them for getting a notification within one month of discovery.
MARIANNA, Fla., Feb. 11, 2022 /PRNewswire/ — Jackson County Hospital District (“Jackson Hospital”) is providing notice of a recent incident that may impact the privacy of some personal and/or medical information. Jackson Hospital is unaware of any misuse of individual information and is providing this notice out of an abundance of caution.
On or about January 9, 2022, Jackson Hospital observed unusual activity related to the inaccessibility of certain systems within its network. Jackson Hospital immediately began to investigate to better understand the nature and scope of this activity. The preliminary internal investigation revealed several systems were potentially subject to unauthorized access. Jackson Hospital began working with outside forensic specialists to determine the full scope and impact of this incident. On or about January 11, 2022, the investigation confirmed an unknown actor accessed Jackson Hospital’s systems and took certain, limited data from its systems. Jackson Hospital took immediate steps to contain the threat and enable hospital operations, including services to patients, to continue uninterrupted. A full investigation was simultaneously launched, designed to understand the nature and scope of what occurred, what information was stored on its impacted systems at the time of the incident, and to whom that information relates. The investigation remains ongoing at this time.
The types of personal information that may have been accessible to the unauthorized actor include: name, address, date of birth, contact information, Social Security number, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, financial account information, and username/password.
Jackson Hospital takes the incident and security of personal information in its care seriously. Since discovering this incident, Jackson Hospital launched an extensive investigation, working with third-party specialists to assess the security of relevant systems and reduce the likelihood of a similar future incident. As part of its ongoing commitment to the privacy of personal information in its care, Jackson Hospital is working to review its existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information in its systems. Jackson Hospital also notified federal law enforcement, the U.S. Department of Health and Human Services, and other state regulators.
Although Jackson Hospital is unaware of the misuse of any personal information impacted by this incident, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity. Any suspicious activity should be reported to the appropriate insurance company, health care provider, or financial institution.
Individuals seeking additional information regarding this incident can call Jackson Hospital’s dedicated, toll-free number at 855-604-1840, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern time (except major U.S. holidays) or visit Jackson Hospital’s website at https://www.jackson-hospital.com. Individuals may also write to Jackson Hospital’s Privacy Officer at 4250 Hospital Drive, Marianna, Florida 32446.
Jackson Hospital is committed to safeguarding personal information and will continue its ongoing efforts to enhance the protections in place to secure the information in its care.
SOURCE Mullen Coughlin LLC
Jackson’s submission to HHS has not yet been posted by HHS on their public breach tool, so this post will be updated with the number affected after that is revealed.
Did Jackson pay any ransom demand? Their release is silent as to whether they received a demand and any response to it. So far, this incident has not shown up on any of the dedicated leak sites routinely checked by DataBreaches.net.