Pemiscot Memorial Health System recently discovered that an unauthorized individual gained access to 33,279 patients’ data.
What happened
On August 9, 2024, Pemiscot Memorial Health System, based in Hayti, Missouri, reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights after an unauthorized party accessed 33,279 patients’ protected health information (PHI).
The breach prompted an investigation to assess the extent, and the organization has started notifying the affected individuals.
However, the exact details of the breach, like how it happened and what specific information was leaked, have not yet been made public.
By the numbers
- Pemiscot Memorial Health System operates a 101-bed facility.
- The health system includes 10 locations and employs over 85 staff members.
- The organization generates approximately $12 million in annual revenue.
In the know
Protected health information (PHI) includes any health information linked to an individual, whether it is stored electronically, on paper, or communicated verbally. PHI can include patient names, addresses, birth dates, Social Security numbers, medical records, lab results, and insurance details.
The Health Insurance Portability and Accountability Act (HIPAA) mandates healthcare providers, insurers, and their business associates to safeguard PHI from unauthorized access, use, or disclosure.
Related: HIPAA Compliant Email: The Definitive Guide
Why it matters
Cybercriminals often target the healthcare industry because patient records contain a large amount of personal and financial information. These criminals then sell the data on the dark web for profit, making healthcare organizations a prime target for ransomware attacks and data breaches.
Moreover, as healthcare providers increasingly rely on digital platforms like electronic health records (EHR), the risk of data breaches escalates.
The bottom line
Patients who receive a breach notification from Pemiscot Memorial Health System must monitor their accounts and report suspicious activity. Additionally, these patients can explore their legal options for damages incurred.
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access to, uses, or discloses protected health information (PHI) without permission. Examples of breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.
