Cyber Incident Victim: Prisma Health

Prisma Health, South Carolina's largest hospital system, experienced three separate patient data breaches within a two-month period in mid-to-late 2019, culminating in a cybersecurity incident disclosed on October 29. The first two incidents involved physical thefts of paper records from physicians' vehicles. On June 30, 2019, a notebook containing protected health information was stolen from a physician's car associated with the Emergency Department at Richland Hospital, with Prisma Health notified on July 9. A second notebook theft occurred on July 9 from a different physician's vehicle in the OB/GYN department at the same hospital, reported to the organization on July 22. Both physical theft incidents were disclosed through security notices dated September 24, 2019, and reported to HHS in September as affecting 2,770 patients collectively, though Prisma Health did not clarify whether the same physician was involved in both thefts.

The third incident involved unauthorized digital access discovered through compromised employee credentials, disclosed on October 29, 2019. An attacker gained access to patient pre-registration and volunteer registration information forms hosted on the Palmetto Health website (palmettohealth.org) through stolen login credentials. The breach exposed personal information including full names, addresses, dates of birth, and health information, with some records containing Social Security numbers and health insurance details. Unlike the previous physical thefts reported in September, this cybersecurity incident resulted in online exposure of digital records. Prisma Health issued a dedicated security notice confirming the breach but did not specify when exactly the credential compromise occurred, how it was detected, or the total number of affected individuals. The organization's public disclosure emphasized the types of compromised data without detailing containment measures taken beyond notification.