80K Records Breached at Central Indiana Orthopedics & Duncan Regional Hospital

Duncan Regional Hospital based in Oklahoma and Central Indiana Orthopedics reported cyberattacks that impacted a total of 170,084 persons.

Duncan Regional Hospital

Duncan Regional Hospital just reported that it suffered a cyberattack last January. It discovered the incident on January 20, 2022 because of suspicious activity noticed in certain parts of its IT systems. The IT team took all systems offline immediately to avert continuing unauthorized access. A third-party computer forensics agency investigated the incident to find out the nature and extent of the security breach.

Duncan Regional Hospital stated the attackers failed to acquire access to its electronic medical record system however got access to sections of the network that keep files with patient information. Those files included patient names, telephone numbers, addresses, birth dates, Social Security numbers, appointment data, for instance, dates of service and healthcare company names, and some treatment data.

The hospital has taken steps to enhance security and avoid more attacks, such as a company-wide password reset and applying new endpoint risk recognition and response tracking software and tougher firewall standards. Impacted persons received notification and offers of free credit monitoring and identity protection services.

The hospital already reported the incident to the HHS’ Office for Civil Rights indicating that 86,379 patients were affected.

Central Indiana Orthopedics

At the beginning of this month, Central Indiana Orthopedics reported it encountered a cyberattack that was discovered on October 16, 2021. Action was promptly taken to protect its system and a third-party computer forensics agency was called in to look into the incident.

The investigation showed that files that unauthorized persons accessed files with patient data, however, there was no report received that indicate the misuse of any patient data. The types of data contained in the files were different from one patient to another and might have contained names, Social Security numbers, addresses, and some medical data.

Central Indiana Orthopedics stated a few steps were undertaken as a response to the breach to strengthen security, avoid other cyberattacks, and mitigate the possibility of future damage. All persons impacted by the incident received notifications and offers of free dark web monitoring,
credit monitoring, and identity theft protection services.

The hospital already reported the incident to the HHS’ Office for Civil Rights indicating that 83,705 persons were affected.