By HFT Staff

Clarke County Hospital in Osceola, IA, has recently started notifying 28,003 current and former patients about a security breach that exposed some of their protected health information. Suspicious activity was detected within its IT environment and the network was immediately isolated. A third-party digital forensics firm was engaged to investigate the security breach to determine the nature and scope of the incident and confirmed there had been unauthorized access on April 14, 2023, and the parts of the network that were accessed contained patient information. 

The electronic medical record system was not compromised, and highly sensitive information such as Social Security numbers, banking information, credit card information and/or financial information was not accessed. The files potentially viewed or stolen included names, addresses, dates of birth, health insurance information, medical record numbers and some health information. At the time of issuing notifications, no reports had been received to indicate there had been any actual or attempted misuse of patient data. 

Clarke County Hospital said enhancements were immediately made to improve system security and experts have been engaged to conduct a comprehensive review of system security. Security protocols will be further enhanced based on the findings of the review. Complimentary credit monitoring services and identity theft protection services have been offered to all potentially impacted individuals for 12 months and the hospital recommends that all individuals take advantage of those services.