Posted On February 24, 2023 Consumer Privacy & Data Breaches
February 24, 2023 – Hutchinson Clinic, P.A. posted notice of a data breach on its website on February 17, 2023. According to the notice, confidential patient information was leaked, including names, Social Security numbers, dates of birth, contact information, health insurance information, medical history, medical record numbers, diagnoses, treatment information, and contact information. After confirming that there was a data leak, Hutchinson Clinic sent out notification letters to all individuals affected by the data breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the data breach at Hutchinson Clinic. If you have received a breach notification, your information may have been leaked to an unauthorized party. If you are interested in learning about what you can do to protect yourself, the risks of identity theft and fraud, and whether you can receive financial compensation from Hutchinson Clinic, we are offering free consultations where we can discuss your legal options.
Hutchinson Clinic, P.A. is a healthcare organization. Originally founded in 1959 and based in Hutchinson, Kansas, Hutchinson Clinic now has two other locations in South Hutchinson and Cheney. The healthcare provider employs over 600 staff and 100 doctors across 100 clinical departments, and generates approximately $36 million in revenue annually.
The information provided is from a notice posted on Hutchinson Clinic’s website. According to the notice, on December 21, 2022, Hutchinson’s computer network was subject to a data security incident. The hospital ensured the security of its network and began working with third-party cybersecurity specialists to investigate the attack and determine what, if any, information had been leaked.
Hutchinson Clinic reviewed the files and determined that between December 19, 2022 and December 21, 2022, an unauthorized third party had gained access to patient files containing sensitive information, including names, Social Security numbers, dates of birth, contact information, health insurance information, medical history, medical record numbers, diagnoses, treatment information, and contact information.
On February 17, 2023, Hutchinson Clinic sent out data breach notification letters to any individuals whose sensitive information had been compromised.
Hackers gained unauthorized access to Hutchinson Clinic’s computer system and leaked the information. While Hutchinson Clinic was also a victim of the breach, they were also responsible for securing the information and preventing such an attack. As a patient who has given and trusted Hutchinson Clinic to keep your information secure, there is nothing you could have done to stop it. The duty of defending against cyberattacks lies upon Hutchinson Clinic. They are the first and last defense against hackers looking to steal your protected health information and prevent criminals from committing identity theft or fraud.
An investigation is ongoing into the details of the attack, as well as whether Hutchinson Clinic was negligent. Negligence may include not taking the proper preventative measures, such as employee training to recognize and report phishing, or maintaining cybersecurity. If such evidence comes to light, you may be eligible for financial recompense from Hutchinson Clinic.
If you have received a notification letter that you are a victim of the data breach, it is crucial that you know your rights as a victim of the attack.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Hutchinson Clinic data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the notice posted on their website:
February 17, 2023 – Hutchinson Clinic, P.A. (“Hutchinson Clinic”) is issuing notice of a recent data security event, which is still under investigation, that may impact the confidentiality and security of information related to certain patients as well as current or former employees of Hutchinson Clinic. As we continue to investigate and work toward notifying impacted patients directly, we are providing information about the event, our response, and steps potentially impacted individuals can take to better protect against the possibility of identity theft and fraud, should they feel it is appropriate to do so.
What Happened? On or about December 21, 2022, we became aware of suspicious activity related to certain Hutchinson Clinic computer systems. We immediately launched an investigation, with the assistance of third-party forensic specialists, to secure our network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to Hutchinson Clinic’s network between December 19, 2022, and December 21, 2022. The unauthorized actor had the ability to acquire certain information stored on the network during the period of access. Therefore, we undertook a comprehensive review of the at-risk files to identify those current and former patients, and any current and former employees, whose information may have been impacted by this event. Once this comprehensive review is complete, we will continue to work as quickly as possible to mail a notification letter directly to potentially impacted individuals, which will include resources that individuals can reference to further protect their information.
Which Patients / What Information was Affected? The type of potentially impacted information may vary by individual but includes name, contact information, date of birth, Social Security number, driver’s license number, health insurance information, medical record number (MRN), medical history, diagnosis, and treatment information, and physician name.
What We are Doing. We at Hutchinson Clinic take this event and the security of your information seriously. Upon learning of this event, we immediately took steps to secure our network and maintain operations in a safe and secure fashion. As part of our ongoing commitment to the privacy of personal information in our care, we are working to review our existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information on our systems. Notice was also provided to federal law enforcement and will be provided to the U.S. Department of Health and Human Services. We remain committed to fully complying with all state and federal requirements and maintaining timely and transparent communication with our employees, our patients, and the community as we learn more.
What Affected Individuals Can Do. Potentially affected current and former patients or employees of Hutchinson Clinic are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and to report any suspicious activity promptly to your insurance company, health care provider, or financial institution. Additional detail can be found below in the Steps You Can Take to Help Protect Your Information and in the notification letters that will be sent to affected individuals.
For More Information. If you have additional questions, please call a dedicated assistance line we have established at 866-674-3487, 8 AM – 5:30 PM Central, Monday through Friday.