Cyber Incident Victim: Ashley County Medical Center

Ashley County Medical Center (ACMC) initiated an investigation in August 2020 following the discovery that a former employee, identified as a nurse, had inappropriately accessed the medical records of 772 patients. The unauthorized access violated federal privacy laws and ACMC's internal policies, as the employee viewed patient information for purposes unrelated to care or treatment responsibilities. Internal investigations determined the breaches occurred when the nurse accessed records without a legitimate clinical or operational need. The medical center confirmed through policy reviews and audit logs that the former employee's actions were limited to viewing records and did not involve copying, transferring, or distributing protected health information externally. No evidence suggested malicious intent beyond personal curiosity as the motivation for the privacy violations.

The incident impacted 772 individuals whose medical data was accessed without authorization, though ACMC concluded the compromised information remained confined within organizational systems. No third-party sharing or external exposure occurred based on forensic analysis of access patterns and data movement. ACMC's response centered on internal policy enforcement against the implicated nurse, whose employment had already ended prior to the investigation's completion. The organization did not publicly disclose whether law enforcement or regulatory agencies were notified, nor did it specify remediation measures offered to affected patients beyond confirming the containment of the breach. Investigative findings emphasized the isolated nature of the incident, attributing it solely to the former employee's actions without systemic security failures or broader compromise of medical systems.