Columbus Regional Healthcare System discovered unauthorized access to their network occurred between May 19 and May 21, 2023.
They immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the information on their network.
Based on their comprehensive investigation and document review, which concluded on December 28, 2023, they discovered that a limited amount of personal information was removed from their network in connection with this incident, including full names and one or more of the following: Social Security numbers, dates of birth, driver’s license numbers or state identification numbers, passport numbers, alien registration numbers, financial account information, medical information (date of service, treatment/diagnosis information, medical record number, patient account number, and/or prescription information) and/or health insurance policy information.
To date, they are not aware of any reports of identity fraud or improper use of any information as a direct result of this incident. They provided written notification of this incident commencing on or about January 19, 2023, to all those potentially impacted to the extent they had a last known home address. The notice letter specifies steps affected individuals may take in order to protect themselves, including enrolling in complimentary credit monitoring services (if Social Security number was impacted), placing a fraud alert/security freeze on their credit files, obtaining free credit reports, remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity, and taking steps to safeguard against medical identity theft.