Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts between January 26, 2021 and November 23, 2021.
NRH is not a large hospital. According to their site, the Kansas hospital is a not-for-profit 25-bed critical access hospital, owned by the citizens of Lyon County Kansas. NRH describes itself as having an excellent reputation for clinical care both within the state and nationally.
An FAQ on the incident, created by IDX for the Kansas hospital, does not reveal when NRH first discovered any unauthorized access. Nor does it explain how unauthorized access went on for so long without being detected sooner.
According to the FAQ, the type of information contained in the email accounts varied for each affected individual, but may have included:
individuals’ names; dates of birth; medical record or other identification numbers; addresses, phone numbers, or e-mail addresses; limited heath, treatment or insurance information; or employee information collected in connection with an individual’s receipt of services from or employment with NRH. A limited group of individuals may have social security number or financial information affected. We are in the process of notifying affected individuals, including details regarding the information that was involved.
NRH does not describe any specific measures it is taking to prevent a similar incident from occurring in the future. It simply asserts that it has taken steps to prevent similar incidents in the future.