Zanesville, Ohio-based Muskingum Valley Health Centers has notified more than 7,000 patients that their personal information may have been exposed in a ransomware attack on its EHR system.
In the July 31 data breach notice, the hospital said that in June it discovered a ransomware attack on the EHR system of Cambridge-based OB GYN Specialists of Southeastern Ohio, which MVHC acquired in 2018
A cybersecurity firm determined that three OB GYN Specialists' systems, including its EHR server that contained patient records from 2012-17, were hit by ransomware on May 31. Patient names, dates of birth, Social Security numbers, diagnoses, conditions, lab results and insurance claim details were exposed.
MVHC reported the incident on July 31 to HHS' OCR data breach portal as affecting 7,447 individuals.
The hospital has updated its security policies, procedures and password requirements in response to the incident and is also offering 24 months of credit monitoring and identification theft protection services to individuals affected.