By HFT Staff

Mercy Medical Center – Clinton has notified 20,865 patients about a security incident that disrupted its network. The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. 

The attack did not affect patient care but prevented access to its systems while the attack was remediated. The review of the incident is ongoing, but it has been confirmed that the following types of information have been exposed: name, address, date of birth, driver’s license/state identification number, Social Security number, financial account information, medical record number, encounter number, Medicare or Medicaid identification number, mental or physical treatment/condition information, diagnosis code/information, date of service, admission/discharge date, prescription information, billing/claims information, personal representative or guardian name and health insurance information. 

Mercy Medical Center did not state whether ransomware was involved but said data had to be restored from backups and some data has likely been lost. Additional technical steps are being taken to try to recreate the lost data it was not possible to restore. Credit monitoring and identity protection services have been offered to affected individuals and additional technical safeguards have been implemented to prevent similar attacks in the future.