By HFT Staff

Pocahontas Medical Clinic, PA (PMC) announced that it will be notifying certain current and former clients that their personal information may have been accessed as part of a cybersecurity incident. This notice is intended to alert potentially impacted individuals of the incident, steps they are taking in response, and resources available to assist and protect individuals. 

PMC experienced a network security incident that involved an unauthorized party gaining access to its network environment on May 30, 2024. Upon detecting the incident, it immediately shut off all access to the network and engaged a specialized third-party forensic incident response firm to assist with securing the network environment and investigating the extent of unauthorized activity.  

The forensic investigation determined that the unauthorized third party may have acquired certain personal information as a result of this incident. After conducting a comprehensive review of the data potentially impacted in this incident, which was completed on July 1, 2024, PMC determined that the unauthorized third party may have acquired certain personal information as a result of this incident. PMC provides written notice to all impacted individuals. PMC has no reason to believe that any individual’s information has been misused as a result of this event.  As of this writing, PMC has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered (May 30, 2024, to present). 

PMC found no evidence that patient information has been specifically misused. However, the following information was potentially exposed to an unauthorized third party: first name, last name, address, email address, phone number, date of birth, Social Security number, medical record number, diagnoses/conditions, treatment information, medications, and health insurance information. Notably, the types of information affected were different for everyone, and not every individual had all the above-listed elements exposed. 

Upon detecting this incident, PMC moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of its network environment. PMC have also reviewed and enhanced its technical safeguards to prevent a similar incident.