Shreveport, La.-based Ochsner LSU Health–Regional Urology is notifying patients of a data security incident involving retired systems that may have exposed personal and medical information.
The health system identified unusual activity Oct. 10 affecting legacy Regional Urology systems that had not been used since 2022, according to a breach notification shared with Becker’s. An investigation, conducted with the help of external cybersecurity experts, found that an unauthorized third party accessed the systems and obtained copies of certain files around Oct. 5.
On Dec. 9, Ochsner LSU Health–Regional Urology reported the incident to the HHS Office for Civil Rights breach portal, reporting that 4,519 individuals were affected.
Information involved varies by patient and may include names, Social Security numbers, dates of birth, medical record numbers and details related to care received at Regional Urology before Dec. 31, 2022. Those details may include provider names, dates of treatment, medical history, and imaging or procedure information, according to the notice.
The health system said its EHR and current IT systems were not affected and the incident did not disrupt clinical operations. No other Ochsner LSU Health or Ochsner Health locations were impacted.
Ochsner LSU Health–Regional Urology is mailing notification letters to affected patients and offering complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were involved.
