In April 2019, hospital official discovered unusual activity in a limited number of employee email accounts. After an investigation, Cheyenne Regional Medical Center determined that an unknown third party had gained access to the email accounts between March 27 to April 8, 2019.
Patient data that may have been exposed included names, dates of birth, Social Security numbers, driver’s license numbers, dates of service, provider names, medical record numbers, patient identification numbers, medical information, diagnoses, treatment information, health insurance information and financial information.
Cheyenne Regional Medical Center said there is no evidence that patient information has been misused. Since the incident the hospital has taken additional steps to strengthen the security of its systems, including email accounts.
More articles on cybersecurity:
State-by-state breakdown of ransomware attacks on healthcare providers
5 recent data breaches caused by human error
Indiana hospital alerts 2,600 patients of human error data breach
