Cyber Incident Victim: Virginia Gay Hospital

Virginia Gay Hospital in Vinton, Iowa, discovered a data security incident involving unauthorized access to an employee email account on June 18, 2019. The hospital promptly initiated an investigation with the assistance of computer forensic experts to determine the nature and scope of the breach. Analysis revealed that the compromised email account contained sensitive patient information, including names, dates of birth, Social Security numbers, and medical details. While the forensic investigation found no evidence confirming the intruder actually accessed or misused this data, the hospital concluded the information was potentially exposed due to the account compromise. The incident timeline indicates the breach occurred prior to June 18, though the exact duration of unauthorized access remains unspecified in public disclosures.

On August 15, 2019, Virginia Gay Hospital began notifying potentially affected patients through mailed letters describing the incident and protective measures. The notification included details about the types of exposed information and offered access to resources for safeguarding personal data. The hospital established a dedicated toll-free call center operational Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time to address patient inquiries, reachable at (855) 940-0843. Hospital administration publicly expressed regret for any concerns or inconvenience caused by the incident, emphasizing their commitment to protecting patient privacy. No ransomware involvement, financial theft, or further malicious activity beyond the email account compromise was reported in available documentation. The response focused on transparency through direct patient notifications rather than public regulatory filings or law enforcement disclosures based on the provided information.