Unauthorized intrusion detected by Rehoboth McKinley Christian Health Care Services

US healthcare provider operating in Arizona and New Mexico reports data breach impacting 200,000 patients, employees

Rehoboth McKinley Christian Health Care Services (RMCHCS), a non-profit healthcare provider operating in Arizona and New Mexico, has reported a data breach impacting around 200,000 patients and employees.

In a data breach notice published on May 19, RMCHCS said its “investigation has found that an unauthorized party was able to access certain systems that contained patient information and remove some data between January 21 and February 5, 2021”.

Exposed data

The potentially exposed information, it said, includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport, and (for Native Americans) tribal ID numbers.

Various healthcare-specific data was also involved, including health insurance information, medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.

However, RMCHCS added “that not all data elements may have been involved for all individuals”.

Read more of the latest healthcare breaches and security news

RMCHCS has reported that 207,195 individuals were affected to the US Department of Health and Human Services, according to its data breach portal.

Breach investigation

Upon learning of the incident on February 16, the healthcare organization said it immediately contacted law enforcement and launched an investigation.

RMCHCS added that it identified potential victims by April 30, and is now “notifying them of the incident and providing them with information about steps they can take to protect themselves”, as demonstrated by this template letter.

Potential victims are being given access to free identity monitoring and restoration services.

“In response to this incident, RMCHCS has enhanced its security and monitoring as well as hardened its systems as appropriate to minimize the risk of any similar incident in the future,” reads the data breach alert.

RECOMMENDED Covid-19, alcohol breath test results of 164,000 Wyoming residents mistakenly exposed on GitHub

“It is committed to transparency and wants to share more about what happened and the measures taken to address this issue and minimize the risk of any similar incident in the future.”

RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services, among others, to residents of McKinley County and eastern Arizona.

Formed out of a merger of two hospitals in 1983, the non-profit can trace its origins back to the provision of healthcare services to residents of Gallup, Arizona and Native Americans living on nearby reservations in the early 1900s.

RMCHCS declined to comment further in response to queries from The Daily Swig given that it “is fully cooperating with the regulatory investigation”.

RELATED US water filter supplier pays $200,000 to settle credit card data leak lawsuit