McPherson Hospital in Kansas has recently issued notification letters to 19,020 patients to alert them about a July 2022 ransomware attack. According to the breach notifications, third-party cybersecurity experts were engaged to investigate the data breach to determine the extent of the unauthorized activity and help with securing its systems. The internal investigation concluded on March 15, 2023, that patient data may have been acquired, including names, dates of birth, Social Security numbers, medical treatment information, billing information and health insurance information. Notification letters were sent in early May, almost 10 months after the attack.
Affected individuals have been offered complimentary single-bureau credit monitoring services. McPherson Hospital said its technical safeguards have been reviewed and enhanced to prevent similar incidents in the future.