CCM Health Falls Victim to Data Breach

The breach occurred in April 2023.

By HFT Staff


CCM Health learned certain systems within their network environment were affected by a cybersecurity incident that resulted in the unauthorized access to and/or acquisition of certain files from the network, which occurred between April 3, 2023, and April 10, 2023. As soon as they became aware of this issue, they launched an immediate and thorough investigation and alerted law enforcement. 

As part of the investigation, CCM Health engaged leading third-party cybersecurity professionals experienced in handling these types of incidents. The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. Upon completing the investigation, they identified the files that were subject to unauthorized access and/or acquisition and they determined the impacted files likely contain sensitive data; including personal information and protected health information. They conducted an extensive manual review of the impacted files to determine the scope of the affected information and to identify the individuals to whom the data belongs.  

On February 12, 2024, CCM Health discovered that some of the files contained individual identifiable personal and/or health information. The potentially affected data includes individual names, addresses, dates of birth, driver’s license or other state identification numbers, passport numbers, Social Security numbers, financial account numbers, routing numbers, payment card numbers, health insurance information and medical information. If medical information was involved, this may include a medical record number, patient account number, prescription information, healthcare provider’s name, medical diagnosis, diagnosis code, treatment type, treatment location, treatment date, admission date, discharge date and/or lab results.  

This is not an exhaustive list, nor can CCM Health confirm that each data element was affected as it relates to all affected individuals. They began notifying affected individuals via U.S. mail and will offer complementary credit monitoring services to those whose Social Security numbers were involved. 

CCM Health reminds individuals to remain vigilant in reviewing financial account statements regularly for any fraudulent activity. They also recommend that patients and their families review the explanation of benefits statements and follow up on any items not recognized. 



March 21, 2024


Topic Area: Information Technology , Security


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.