Notice of Data Security Incident
McPherson, Kansas – May 4, 2023 – McPherson Hospital, Inc. (“McPherson Hospital”) notified certain current and former patients that their personal information may have been accessed as part of cybersecurity incident. McPherson Hospital takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened On July 12, 2022, McPherson Hospital was the victim of a ransomware incident, in which an unauthorized third party accessed and disabled some of our systems. Upon discovering the incident, we immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Our investigation, which concluded on March 15, 2023, determined an unauthorized third party may have acquired certain individual personal and health information during this incident. McPherson Hospital is providing written notice to all impacted individuals. McPherson Hospital has no reason to believe that any individual’s information has been misused as a result of this event. As of this writing, McPherson Hospital has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered (July 12, 2022 to present).
What Information Was Involved Again, we found no evidence that your information has been specifically misused. However, the following information was potentially exposed to an unauthorized third party: first and last name, social security number, date of birth, medical treatment information, medical billing information, and health insurance information.
What We Are Doing Data security is one of our highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We have also reviewed and enhanced our technical safeguards to prevent a similar incident.
The notification letter to the potentially impacted individuals includes steps that they can take to protect their information. In order to address any concerns and mitigate any exposure or risk of harm following this incident, McPherson Hospital has arranged for complimentary credit monitoring services and identity theft protection services to all potentially impacted individuals at no cost to them for a period of twelve months. McPherson Hospital recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
For More Information For individuals seeking more information or questions about this incident, please call McPherson Hospital’s dedicated toll-free helpline at 1-833-570-3013 on Monday through Friday between 8:00 am to 8:00 pm ET, excluding holidays. In addition, individuals may visit McPherson Hospital’s website for more information at mcphersoncenterforhealth.org.
McPherson Hospital sincerely apologizes for any inconvenience this incident may cause to members of its community and remains dedicated to maintaining the security and protection of all patient information in its control.