On September 8, 2024, Great Plains Regional Medical Center suffered a ransomware attack on their computer system. They secured their systems and began an investigation with the help of a cybersecurity firm. This investigation showed that an unknown person accessed and encrypted files on their systems between September 5, 2024, and September 8, 2024. They learned that the bad actor copied some of those files. They quickly restored their systems and returned to normal operations, but they also determined that a limited amount of patient information was not recoverable.
The patient information varied by individual, but may have included: name, demographic information, health insurance information, clinical treatment information, such as diagnosis and medication information, driver’s license number, and/or in some instances, Social Security number.
They are mailing letters to affected patients and offering free credit monitoring to those whose Social Security number or driver’s license number may have been involved.
To help prevent something like this from happening in the future, Great Plains Regional Medical Center has and will continue to take steps to enhance the security of their systems.
ISSA Introduces Healthcare Platform to Advance Safer, Cleaner Patient Environments
Third-Party Tracking Settlement is a Compliance Wake-Up Call for Healthcare Facilities Managers
ECU Health Behavioral Health Hospital Hosts Ribbon-Cutting Ceremony for New Facility
Aspire Rural Health System Reports Data Security Incident
Fatal Flaws: Strategies for Active Attackers