KWCH reports:
A Kansas health clinic issued a notice to federal law enforcement about a data breach that happened late last year. The Hutchinson Clinic said around Dec. 21, it was made aware of suspicious activity related to its computer systems.
The clinic said a hacker they labeled “an unauthorized actor” had the ability to acquire information that included names, contact information, Social Security numbers, driver’s license numbers, health insurance information and physician names.
Read more at MSN.
On February 17, the clinic posted a notice on its website about the incident, which is still under investigation. They wrote, in part:
What Happened? On or about December 21, 2022, we became aware of suspicious activity related to certain Hutchinson Clinic computer systems. We immediately launched an investigation, with the assistance of third-party forensic specialists, to secure our network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to Hutchinson Clinic’s network between December 19, 2022, and December 21, 2022. The unauthorized actor had the ability to acquire certain information stored on the network during the period of access. Therefore, we undertook a comprehensive review of the at-risk files to identify those current and former patients, and any current and former employees, whose information may have been impacted by this event. Once this comprehensive review is complete, we will continue to work as quickly as possible to mail a notification letter directly to potentially impacted individuals, which will include resources that individuals can reference to further protect their information.
Which Patients / What Information was Affected? The type of potentially impacted information may vary by individual but includes name, contact information, date of birth, Social Security number, driver’s license number, health insurance information, medical record number (MRN), medical history, diagnosis, and treatment information, and physician name.
Their notice indicates that neither patients nor HHS has been notified as yet.