Cyber Incident Victim: McKenzie Health System

Date: Mar 2022

Location: United States of America

Summary

A healthcare provider experienced unauthorized access to its IT systems, resulting in the theft of protected health information for over 25,000 individuals, including names, contact details, medical diagnoses, treatment data, insurance information, and Social Security numbers. The organization engaged third-party investigators, implemented enhanced security measures, and offered affected individuals credit monitoring services. Separately, a medication management systems company suffered a ransomware attack that disrupted its operations, forcing certain IT systems offline and potentially impacting products and services. The company activated business continuity plans, involved cybersecurity experts and law enforcement, and initiated system restoration efforts, though the full scope of the incident—including potential data theft or operational consequences—remains under investigation.

Description

McKenzie Health System in Sandusky, MI, detected suspicious activity within its IT systems on March 11, 2022, prompting immediate protective measures to secure affected systems. The organization engaged a third-party investigator to determine the nature and scope of the incident, which confirmed unauthorized access and data exfiltration. By April 22, 2022, analysis revealed that compromised files contained protected health information (PHI) of 25,318 individuals, including names, contact details, demographic data, birth dates, diagnosis and treatment information, prescription details, medical record numbers, provider names, dates of service, insurance details, and Social Security numbers. Notification letters were dispatched to affected individuals, outlining steps to safeguard personal data and PHI against potential misuse. McKenzie Health System offered complimentary credit monitoring and identity protection services specifically to those whose Social Security numbers were exposed. The provider implemented enhanced technical security measures and system monitoring protocols to fortify defenses against future incidents, though the specific methods of initial intrusion or attacker identity were not disclosed in available reports.

Separately, Omnicell, a California-based medication management systems provider, disclosed a ransomware attack discovered on May 4, 2022, in an SEC 8-K filing. The company isolated compromised internal IT systems upon detection to halt further unauthorized access and activated business continuity plans while restoring operations. Third-party cybersecurity experts assisted in investigating the attack’s impact, which disrupted multiple products and services, though the full operational and financial consequences remained undetermined at the time of reporting. Omnicell noted reliance on IT systems for financial data storage, communications, and critical business operations, emphasizing that prolonged recovery delays or failure to restore data from off-site backups could exacerbate disruptions. While the company maintained encrypted backups, it acknowledged uncertainty regarding potential data theft prior to file encryption, including possible loss of intellectual property. Law enforcement was notified, but no conclusive evidence confirmed data exfiltration or material financial impact as of the disclosure date.
