Norwood Clinic in Birmingham, Alabama is notifying 228,103 patients of a hacking incident that left them unable to determine what, if anything, had been accessed.
In a notification to the Maine Attorney General’s Office, the clinic’s external counsel reported that the breach began on September 20 and was discovered on October 22. The types of patient information that may have been accessed included name, contact information, date of birth, Social Security number, Driver’s License number, limited health information, and/or health insurance policy number.
In their notice to patients, a copy of which was posted on their website, they write that despite efforts by cybersecurity experts hired to help investigate the incident
the investigation was unable to confirm the specific information that may have been accessed. Therefore, out of an abundance of caution, Norwood is providing notice to all of its patients, regardless of whether their information was in fact subject to unauthorized access or acquisition. Norwood has no reason to believe that any individual’s information has been misused as a result of this event.
Patients are being offered credit monitoring services.