By HFT Staff

This notice is from Cumberland County Hospital (CCH) about a data security incident that may have exposed some personal information. For this reason, CCH is providing this substitute notice to explain what happened, what steps we are taking in response to the security incident and to share resources with people who believe their personal data was potentially affected. 

On April 3, 2025, CCH discovered unauthorized access by a third party to their computer system. They immediately shut down all computers, disabled data sharing connections, contacted law enforcement and began investigating. Their IT team worked around the clock with outside cybersecurity experts to restore secure access, to determine what happened and to implement enhanced measures to prevent a similar incident from happening again. Cybersecurity experts determined that the unauthorized access to their computer system began on February 21, 2025 and ended on April 3, 2025. 

The electronic medical records system that CCH and its partners use to record and bill for patient care was not involved or accessed in this incident. However, there was unauthorized access to other files on their computer system that contain personally identifiable information, including health information. The information involved varies by individual but may have included demographic information (such as name, date of birth, address, phone number, email address, race or ethnicity), Social Security number, medications, diagnoses, treatment notes, dates of service, medical record number, health plan number, claims and billing information. For current and former CCH employees, additional information may have included employment information (such as driver’s license, birth certificate, background check information, W-4s and W-2s and bank account numbers).