Native American Health Center Falls Victim to Cyberattack

The incident occurred on November 19, 2023.

By HFT Staff

Native American Health Center (NAHC) has become aware of a data security Incident that may have resulted in an unauthorized access to sensitive personal information.  

On November 19, 2023, NAHC was the victim of a cybersecurity incident. Upon discovery of this incident, NAHC immediately disconnected all access to the network and promptly engaged a specialized third-party cybersecurity firm to assist with securing the environment, as well as, to conduct a comprehensive forensic investigation to determine the nature and scope of the incident.  

In January 2024, the forensic investigation found evidence to suggest that some NAHC files were accessed by an unauthorized actor. Based on the findings of the forensic investigation, NAHC began an extensive and comprehensive review of the potentially affected files and folders to identify what information was impacted. This review identified that some individuals’ information may have been impacted by this incident. On May 28, 2024, NAHC finalized the list of individuals to notify and identified their addresses to the extent available. Notice was mailed out to identified individuals on June 3, 2024.  

The information impacted varied by individuals but included name, address, medical information, or Social Security number. A formal notice letter has been sent to those who have had their sensitive information impacted, and the identified the types of information involved.  

Upon discovery of the Incident, NAHC moved quickly to investigate and respond to the Incident and assessed the security of its systems. Specifically, NAHC took the following steps, including but not limited to: implement a comprehensive measure to replace all hard drives in every workstation to enhance overall security; continue the use of multifactor authentications for all logins, a measure already in place prior to the breach; continue annual HIPAA privacy & security risk assessments; extend the deployment of a multifactor authentication system that will replace the use of passwords with the scan of a fingerprint of tap of a badge (currently in pilot in select departments); uphold restricted access to all IT department offices & server rooms for heightened physical activity; maintain the practice of restricted access & ongoing monitoring for buildings and sites equipped with key card access, ensuring controlled and monitored entry; and conduct ongoing annual reviews of policies, procedures, employee training programs that cover cybersecurity, HIPAA compliance & privacy, took steps and will continue to take steps to mitigate the risk of future harm. 

June 13, 2024

Topic Area: Information Technology , Security

Recent Posts

Ensuring Efficiency Despite Healthcare Labor Gaps

Managers need to begin prioritizing hiring new talent so efficiency doesn’t drop.

UCSF Benioff Children's Hospital Oakland Approved for Modernization Project

The modernized facility is slated to open in 2030.

Skills Gap Remains Wide in Facilities Management

Many candidates lack the skills that are needed to be a facilities manager.

Memorial Hermann Cypress Hospital Announces Expansion Project

The project will add 58 beds and 347,000 square feet of new and renovated service areas.

3 Key Roles Doors Play in Healthcare Facilities

From securing areas to reducing infection spread, doors play many parts in a healthcare facility’s operations.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.