By HFT Staff

On or around October 10, 2023, Scurry County Hospital District dba Cogdell Memorial Hospital (Cogdell), discovered certain unusual activity within its computer systems. Upon discovery, Cogdell immediately secured its network, reset passwords and engaged a third-party forensic firm to investigate the incident. Following a thorough investigation, Cogdell confirmed that a limited amount of protected health information may have been accessed in connection with this incident. 

Although the forensic investigation could not rule out the possibility that an unknown actor may have accessed this information, there is no indication whatsoever that any information has been misused at this time. The type of information contained within the affected data included patient names, addresses, dates of birth, Social Security numbers, medical record numbers, and medical treatment information.  Importantly, the information potentially impacted may vary for each individual, and may include all, or just one, of the above-listed types of information. 

Upon learning of the potential access of information, Cogdell immediately undertook a thorough review process to identify what type of information was present within the potentially impacted files, and to whom that information belonged. In addition, Cogdell worked diligently to identify contact information for those potentially impacted individuals in order to provide them with notice of the incident. That process was completed on January 17, 2024. Cogdell has notified potentially affected individuals as quickly as possible via U.S. mail to their most recent address on file. In an abundance of caution, Cogdell has provided potentially impacted individuals with complimentary credit monitoring services. 

In response to this incident, Cogdell has implemented additional security measures within its network and facilities and is reviewing its current policies and procedures related to data security.  Although Cogdell has no evidence of actual misuse of information due to this incident, patients are encouraged to monitor their account statements and explanation of benefits forms for suspicious activity and detect errors.