McKenzie Health System notified, on 10 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 25,318 individuals. In particular, McKenzie Health System stated that it had first identified the incident on 11 March 2022, and that it had immediately proceeded to secure its systems and to launch an investigation.

In light of the investigation, McKenzie Health System noted that an unauthorised actor had accessed and erased files stored in its systems containing information including names, contact information, demographic information, dates of birth, social security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and health insurance information.

Lastly, McKenzie Health System noted that, after the discovery of the incident, it had notified individuals whose information was involved and, for those whose social security numbers had been involved, it would be offering complementary credit monitoring and identity protection services. In addition, McKenzie Health System stated that it had implemented additional security measures to protect its systems, and established a dedicated call centre to answer questions relating to this incident.

You can read the notice here and access details on the OCR portal here.