Cyber Incident Victim: Harper County Community Hospital

On March 24, 2021, Harper County Community Hospital in Oklahoma experienced a ransomware attack that compromised protected health information. The hospital publicly disclosed the incident through a notice on its website, though federal authorities had not yet listed it on the U.S. Department of Health and Human Services' breach reporting tool at the time of initial media coverage. Attackers gained unauthorized access to systems containing sensitive patient data, including first and last names, dates of birth, home addresses, patient account numbers, medical diagnoses, Social Security numbers, and health insurance information. The hospital did not specify the ransomware variant used or the exact number of affected individuals in its initial disclosure. No operational disruptions or ransom demands were mentioned in available reports.

The hospital initiated breach notification procedures following the attack, alerting patients about potential exposure of their personal and medical data. Authorities investigating the incident confirmed the types of compromised information but did not disclose whether data exfiltration occurred prior to encryption. The incident remained under active investigation with no public details regarding containment measures, system restoration processes, or potential data misuse. Based on standard reporting timelines, industry observers anticipated the breach would eventually appear in official HHS records once regulatory notifications were completed. The compromised data elements created significant identity theft and medical fraud risks for affected patients due to the inclusion of Social Security numbers and clinical diagnosis information.