Howard Memorial Hospital (HMH) was made aware of suspicious activity within its computer network, and data was reportedly stolen.
The hospital took steps to promptly secure its network, and an investigation began with assistance from outside cybersecurity specialists to determine the nature and scope of the activity.
Certain files were potentially stolen from the network between Nov. 14 and Dec. 4, 2022. Notice of the breach was provided to federal law enforcement and will be provided to the U.S. Department of Health and Human Services. The data security event is still under investigation.
Potential information that was affected include:
- patient names
- contact information
- dates of birth
- Social Security numbers
- health insurance information
- medical record number
- medical history
- treatment information
- physician names
- banking information.
Cybersecurity events have increased over the last year. The FBI has recommended the following protocols to help lower the risk of a breach:
- Have a contingency plan in place.
- Keep all operating systems up to date.
- Implement a user training program and phishing exercises.
- Require strong, unique passwords for all accounts with password logins.
- Require multi-factor authentication.
- Maintain offline — i.e., physically disconnected — backups of data, and regularly test backup and restoration.
- Ensure all backup data is encrypted.
- Protect cloud storage by backing up to multiple locations, requiring MFA for access and encrypting data in the cloud.