The Labette Health Independence Healthcare Center notified, on 11 March 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 85,635 individuals. In particular, Labette Health stated that it recently experienced a data security incident impacting the personal information of patients and staff.

More specifically, Labette Health stated that upon learning of the incident it immediately took steps to secure its network and launched an investigation which determined that unauthorised individuals potentially accessed and acquired information from portions of its network between 15 October 2021 and 24 October 2021.

In addition, Labette Health stated that its investigation showed that certain files and folders that may have been accessed or acquired contained identifiable personal and protected health information of employees and certain patients, including the individuals' full name and one or more of the following: social security number, medical treatment and diagnosis information, treatment costs, dates of service, prescription information, Medicare or Medicaid number, and health insurance information.

Moreover, Labette Health stated that, in light of this, it has strengthened its network and implemented additional security improvements recommended by third-party cybersecurity experts, including resetting account passwords and strengthening its password security policies, implementing multi-factor authentication for network access, upgrading its endpoint detection software, and coordinating additional employee training related to network security and threat detection.

You can read the press release here and access details on the OCR portal here.