A growing number of hospitals and health systems, including Avera and Newman Regional, have been affected by a March 25 data breach on clinical guidance software vendor MCG Health.
On March 25, MCG Health, which provides patient care guidelines to hospitals and health systems, learned that an unauthorized party had accessed personal information stored on its system.
Patient information obtained in the MCG Health breach contains names, Social Security numbers, medical codes, postal addresses, phone numbers, email addresses, dates of birth and gender from the following hospitals and health system, as of June 23:
- An unknown number of patients from Omaha, Neb.-based CHI Health.
- Nine-hundred patients at Sioux Falls, S.D.-based Avera Health.
- An unknown number of patients from Kinston, N.C.-based UNC Lenoir Health Care.
- An unknown number of patients at Henry County (Tenn.) Medical Medical Center.
- An unknown number of patients at Emporia, Kan.-based Newman Regional Medical Center.
- An unknown number of patients at Rolla, Mo.-based Phelps Health Medical Group.
- An unknown number of patients at Fairfield, Iowa-based Jefferson County Health Center.
- An unknown number of patients at Indianapolis-based Indiana University Health.
MCG Health confirmed that 10 patients' information was posted to the dark web for sale.
The company is notifying all affected patients and hospitals.