Posted On January 8, 2023 Consumer Privacy & Data Breaches
January 8, 2023 – Howard Memorial Hospital announced a data breach on its website on December 29, 2022. According to the notice, the hospital received reports of a cyberattack on its computer network resulting in stolen patient and employee information. The current and former employee information that was accessed was full names, Social Security numbers, dates of birth, contact information, and direct deposit bank account information. The patient information that was accessed was full names, Social Security numbers, dates of birth, contact information, medical record numbers, health insurance information, medical histories, treatment information, physicians’ names, and diagnoses. After confirming the data leak, Howard Memorial sent notification letters to all affected individuals.
The investigation by the data breach lawyers at Console & Associates, P.C. into the data breach at Howard Memorial Hospital is ongoing. If you are a victim of the breach and have received a notification letter, your confidential information may have been leaked to an unauthorized party. We offer free consultations to victims of the breach to help them learn about their options, what they can do to protect themselves, and if they can pursue a lawsuit and receive financial compensation from Howard Memorial Hospital.
Howard Memorial Hospital is a not-for-profit Critical Access Hospital that provides services such as emergency, in- and out-patient, surgical, rehabilitation, and telehealth to residents in and surrounding Nashville. Located in Nashville, Arkansas, Howard Memorial Hospital employs over 331 people and generates approximately $117 million in revenue annually.
Information provided by the Howard Memorial Hospital website notice informs us that the hospital became aware of the breach on December 4, 2022, after detecting suspicious activity on its computer system. An anonymous party also came forward and took credit for the breach around the same time. Howard Memorial then ensured the security of its system and began working with cyber specialists to investigate the breach.
Howard Memorial Hospital confirmed the breach and reviewed the files to determine that the information leaked was current and former employees’ full names, Social Security numbers, dates of birth, contact information, and direct deposit bank account information. Patient information was leaked as well, including full names, Social Security numbers, dates of birth, contact information, medical record numbers, health insurance information, medical histories, treatment information, physicians’ names, and diagnoses.
On December 29, 2022, Howard Memorial Hospital sent letters informing affected individuals of the breach. There has been no mention of how many victims there are in total as yet.
Typically, a hospital like Howard Memorial is trusted by patients and employees alike to ensure the safety and security of confidential information. This breach has called that assumption into question. Your information may not be in the hands of hackers looking to commit crimes with your information. They may also be looking to profit by selling your information on the dark web for others to commit crimes in your name. Such information that has been stolen can be used to commit any number of crimes, including fraud and identity theft.
As a victim of such theft, there is nothing you could have done to prevent this, relying solely on Howard Memorial to keep your information safe. If an investigation into this breach brings any negligence to light on the part of Howard Memorial, you may be entitled to financial compensation from the hospital through a data breach lawsuit.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Howard Memorial Hospital data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a notice posted on their website:
December 29, 2022 – Howard Memorial Hospital (“HMH”), is issuing notice of a recent data security event, which is still under investigation, that may impact the confidentiality and security of information related to certain patients as well as current or former employees of HMH. As we continue to investigate and work toward notifying impacted patients directly, we are providing information about the event, our response, and steps potentially impacted individuals can take to better protect against the possibility of identity theft and fraud, should they feel it is appropriate to do so.
What Happened? On December 4, 2022, HMH became aware of suspicious activity within its computer network, and allegations made by an unknown actor that data had been stolen from the HMH network. Steps were promptly taken to secure HMH’s network, and an investigation began with assistance from outside cybersecurity specialists to determine the nature and scope of this activity and to safely maintain full operational functionality so HMH could continue to treat patients. Although our investigation is still ongoing, we learned that certain files were potentially stolen from our network by an unknown actor between November 14, 2022 and December 4, 2022.
HMH is working diligently to perform a comprehensive review of at-risk files in order to identify those current and former patients, and any current and former employees, whose information may have been impacted by this event. Once this comprehensive review is complete, HMH will continue to work as quickly as possible to mail a notification letter directly to potentially impacted individuals, which will include access to free credit monitoring and identity protection services.
Which Patients / What Information was Affected? The types of information potentially impacted for patients includes name, contact information, date of birth, Social Security number, health insurance information, medical record number (MRN), medical history, diagnosis, treatment information, and physician name The types of information potentially impacted for current and former HMH employees includes name, contact information, date of birth, Social Security number, and direct deposit bank account information
What We are Doing. HMH takes this event and the security of your information seriously. Upon learning of this event, we immediately took steps to secure our network and ensure that we could maintain operations in a safe and secure fashion. As part of our ongoing commitment to the privacy of personal information in our care, we are working to review our existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information on our systems. Notice was also provided to federal law enforcement and will be provided to the U.S. Department of Health and Human Services.
What Affected Individuals Can Do. Potentially affected current and former patients or employees of HMH are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and to report any suspicious activity promptly to your insurance company, health care provider, or financial institution Additional detail can be found below in the Steps You Can Take to Help Protect Your Information and in the notification letters that will be sent to affected individuals.
For More Information. If you have additional questions, please call a dedicated assistance line we have established at 1-833-570-2728, 7:00 AM – 7:00 PM Central, Monday through Friday.