Labette Health, Capital Region Medical Center Confirm Data Breaches

March 15, 2022 - Both Labette Health and Capital Region Medical Center (CRMC) confirmed healthcare data breaches that occurred late last year.

The breaches both resulted in potential protected health information (PHI) exposure.

Labette Health Notifies Patients, Staff of Data Breach

Labette Health, located in Parsons, Kansas, began notifying an undisclosed number of individuals of an October 2021 data breach. An unauthorized party accessed Labette Health’s network between October 15 and October 24 and potentially accessed and exfiltrated patient and employee information.

On February 11, Labette Health determined that the accessed files and folders contained names, Social Security numbers, treatment costs, dates of service, Medicare or Medicaid numbers, treatment and diagnosis information, prescription information, and health insurance information.

“This incident does not affect all patients of Labette Health and Labette Health does not necessarily maintain all of the information listed above for all patients,” Labette Health assured in its notice.

On March 11, Labette Health said it began notifying impacted individuals of the breach and reminded them to remain vigilant and review account statements regularly.

“The security of the personal information in its possession is Labette Health’s top priority,” the notice continued.

“In response to this incident, Labette Health has strengthened its network and implemented additional security improvements recommended by third-party cyber security experts.”

Labette Health said it implemented more robust password security policies, multi-factor authentication, increased employee training, and upgraded endpoint detection software.

Capital Region Medical Center Confirms December Data Breach 

Capital Region Medical Center (CRMC) in Jefferson City, Missouri, confirmed that an unauthorized party gained access to files containing PHI in a December 2021 cyber incident.

As previously reported by HealthITSecurity, CRMC suffered a system-wide network outage that began on December 17. The hospital said that CRMC had chosen to take the network down as a precaution while assessing the situation.

In its recent notice, CRMC confirmed that an unauthorized actor accessed files containing names, mailing addresses, birth dates, health insurance information, and medical information. The unauthorized individual also accessed some Social Security numbers, driver’s license numbers, and financial account information.

CRMC said it had no evidence of fraud or identity theft resulting from the incident.

“CRMC takes the privacy and confidentiality of the information it maintains seriously, and deeply regrets that this incident occurred and for any concern this may cause,” the notice on its website stated.

“CRMC continues to evaluate its security practices, and to help prevent something like this from happening again, CRMC will continue to identify opportunities to implement additional cybersecurity measures.”