By HFT Staff

CCM Health learned certain systems within their network environment were affected by a cybersecurity incident that resulted in the unauthorized access to and/or acquisition of certain files from the network, which occurred between April 3, 2023, and April 10, 2023. As soon as they became aware of this issue, they launched an immediate and thorough investigation and alerted law enforcement. 

As part of the investigation, CCM Health engaged leading third-party cybersecurity professionals experienced in handling these types of incidents. The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. Upon completing the investigation, they identified the files that were subject to unauthorized access and/or acquisition and they determined the impacted files likely contain sensitive data; including personal information and protected health information. They conducted an extensive manual review of the impacted files to determine the scope of the affected information and to identify the individuals to whom the data belongs.  

On February 12, 2024, CCM Health discovered that some of the files contained individual identifiable personal and/or health information. The potentially affected data includes individual names, addresses, dates of birth, driver’s license or other state identification numbers, passport numbers, Social Security numbers, financial account numbers, routing numbers, payment card numbers, health insurance information and medical information. If medical information was involved, this may include a medical record number, patient account number, prescription information, healthcare provider’s name, medical diagnosis, diagnosis code, treatment type, treatment location, treatment date, admission date, discharge date and/or lab results.  

This is not an exhaustive list, nor can CCM Health confirm that each data element was affected as it relates to all affected individuals. They began notifying affected individuals via U.S. mail and will offer complementary credit monitoring services to those whose Social Security numbers were involved. 

CCM Health reminds individuals to remain vigilant in reviewing financial account statements regularly for any fraudulent activity. They also recommend that patients and their families review the explanation of benefits statements and follow up on any items not recognized.