Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals.
According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system.
To investigate the incident, OKCIC enlisted the help of a third-party forensic firm. The subsequent investigation confirmed that an unauthorized party accessed – and possibly retained – sensitive customer information.
OKCIC revealed that compromised files included name, dates of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers and driver’s license numbers of customers. As many as 38,239 individuals are reportedly impacted by the breach.
OKCIS issued data breach letters to affected customers.
In March, Oklahoma-based Duncan Regional Hospital suffered a security incident that exposed the personal data of more than 92,000 individuals.
Various reports this year have highlighted the cyber risks that US healthcare providers are facing. In November 2021, it was reported that vulnerabilities exist in most of the web applications used by leading healthcare providers in the US.
A report by the Identity Theft Resource Center in April of 2022 revealed that healthcare, financial services, manufacturing and utilities and professional services were the sectors that suffered the most breaches in Q1 2022.
In March of 2022, US Senators proposed a new bill, known as the Healthcare Cybersecurity Act (S.3904), following a White House warning over the increased risk to American healthcare providers from cyber-threats stemming from Russia.
In March, the US passed legislation forcing critical infrastructure companies to report cyber incidents within 72 hours to the Cybersecurity and Infrastructure Security Agency (CISA). Healthcare is one of the 16 critical infrastructure sectors, as defined by CISA.