Kinston, N.C.-based UNC Lenoir Health Care notified patients of a data breach that occured at its clinical guidance software vendor, which has exposed the protected health information of patients at its health system, Omaha, Neb.-based CHI Health and Sioux Falls, S.D.-based Avera Health.
In December, MCG Health, which provides patient care guidelines to the health systems, was contacted by a third party who claimed to have obtained patient data stored on its system.
MCG Health confirmed that 10 patients' information was posted to the dark web for sale and notified UNC Lenoir Health Care on April 24.
The breach has affected an unknown number of patients at UNC Lenoir Health Care, 900 patients of Avera McKennan Hospital & University Health Center, and an unknown number of patients at CHI Health and its affiliated locations.
UNC Lenoir Health Care's patient records were not found on the dark web, but MCG has determined that the unauthorized third party might be in possession of Lenoir information, which could include patient names, Social Security numbers, medical codes, street addresses, telephone numbers, email addresses, dates of birth and gender.
UNC Lenoir Health Care notified all affected patients.
The investigation is ongoing.