CCM Health Falls Victim to Data Breach

The breach occurred in April 2023.

By HFT Staff

CCM Health learned certain systems within their network environment were affected by a cybersecurity incident that resulted in the unauthorized access to and/or acquisition of certain files from the network, which occurred between April 3, 2023, and April 10, 2023. As soon as they became aware of this issue, they launched an immediate and thorough investigation and alerted law enforcement. 

As part of the investigation, CCM Health engaged leading third-party cybersecurity professionals experienced in handling these types of incidents. The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. Upon completing the investigation, they identified the files that were subject to unauthorized access and/or acquisition and they determined the impacted files likely contain sensitive data; including personal information and protected health information. They conducted an extensive manual review of the impacted files to determine the scope of the affected information and to identify the individuals to whom the data belongs.  

On February 12, 2024, CCM Health discovered that some of the files contained individual identifiable personal and/or health information. The potentially affected data includes individual names, addresses, dates of birth, driver’s license or other state identification numbers, passport numbers, Social Security numbers, financial account numbers, routing numbers, payment card numbers, health insurance information and medical information. If medical information was involved, this may include a medical record number, patient account number, prescription information, healthcare provider’s name, medical diagnosis, diagnosis code, treatment type, treatment location, treatment date, admission date, discharge date and/or lab results.  

This is not an exhaustive list, nor can CCM Health confirm that each data element was affected as it relates to all affected individuals. They began notifying affected individuals via U.S. mail and will offer complementary credit monitoring services to those whose Social Security numbers were involved. 

CCM Health reminds individuals to remain vigilant in reviewing financial account statements regularly for any fraudulent activity. They also recommend that patients and their families review the explanation of benefits statements and follow up on any items not recognized. 

March 21, 2024

Topic Area: Information Technology , Security

Recent Posts

Suicide Offers Reminder of Need for Hospital Security

The incident did not disrupt patient care.

Cleveland Clinic Implements Flagging System for Violence Prevention: Study

The system flags patients with a history of violence.

Northeast Georgia Medical Center Lumpkin Officially Opens

The new 66,000-square-foot hospital is located in Dahlonega, Georgia.

Group Health Cooperative of South Central Wisconsin Experiences Cyber Incident

The incident happened during the early morning on January 25.

Hospital Websites Too Often Share User Data with Third Parties: Study

User privacy can be compromised by sharing website information with external organizations.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.