The Hunt Memorial Hospital District released an update regarding a criminal cyber attack which was discovered against the district earlier this year, warning more of the district’s patients may have been impacted.
“Our cyber security firm has determined the breach was more widespread than we originally believed,” according to Lisa Hill, the Director, Foundation Development and Marketing Communications for Hunt Regional Healthcare.
The information was released in a letter mailed this week to those who may have been affected by the data breach. The letter was distributed to all of the patients potentially targeted by the attack.
When contacted Friday afternoon, Hill did not know exactly how many people were directly affected, but said the decision was reached to contact as many people as possible.
“We decided to send the information to our entire patient database,” Hill said.
Word of the new letter came to light, as the Herald-Banner began being contacted by local residents who had received the notice.
More than 150 posts about the letter were sent to the newspaper’s Facebook page as of noon Friday.
“There were 3 in our mailbox” said Charlotte Davis.
“I got 2 letters and I haven't been a patient there since 1975,” added Billy Ishmael.
“My husband and myself received letters but so did my father and he’s been deceased over 10 years,” said Kim Berry Digby.
Initial word of the data breach came in May, as the district issued a press release indicating it began notifying patients on July 12.
According to the release, the cyber attack occurred in May 2018 “during which hackers gained access to information in its computer network that included personal information of a subset of Hunt’s patients.”
The hackers were able to access medical records which contained information including patients’ names, telephone numbers, Social Security numbers, dates of birth, race and religious preferences.
The letter released this week indicates the district learned on Aug. 14 that the recipient of each letter’s personal information may have been compromised in a cyber attack.
The letter refers back to the May 14 announcement and said it involved “only a subset of our patients, which did not include you.”
Independent cyber forensics experts were employed by the district.
“During this investigation, we determined that your information was also accessible,” according to the letter.
The district said in the letter that it is working with the FBI and cyber security professionals to further investigate the incident “and based on their review, we believe the hackers are no longer in our computer system.”
Patients are being advised to call 833-297-6403 or visit ide.myidcare.com/huntmemorialhospital for additional information.