Cyber Incident Victim: Mowery Clinic

Date: Sep 2021

Location: United States of America

Summary

Mowery Clinic experienced a cybersecurity incident involving unauthorized network access via malware, leading to potential exposure of sensitive documents containing patient and employee information. The compromised data included names, addresses, dates of birth, medical details such as diagnostic notes, and limited Social Security numbers, with some instances extending to family members of employees. While the electronic health record system remained unaffected, the clinic secured its systems promptly, engaged forensic experts, and continues investigating the breach to implement future preventive measures; no evidence of data misuse has been identified thus far.

Description

Mowery Clinic in Salina, KS, detected a cyberattack on September 14, 2021, prompting immediate action to secure its systems and prevent further unauthorized access. The clinic engaged a third-party cybersecurity firm to conduct a forensic investigation, which confirmed the attacker deployed malware enabling access to and acquisition of documents containing employee and patient information. The investigation established that the electronic health record system remained uncompromised, limiting exposure to other stored files. Analysis of the compromised documents revealed potential access to patient names, addresses, dates of birth, medical details including office and diagnostic notes, and a limited quantity of Social Security numbers. For employees, the breach extended to information about spouses, dependents, beneficiaries, or minor children in certain instances. No evidence emerged during the investigation indicating actual or attempted misuse of the accessed data at that stage.

The clinic continued its investigation to determine the precise method of network intrusion while restoring operational security. Remediation efforts focused on implementing appropriate measures, which were not specified, to prevent recurrence of similar incidents. Although no details about containment procedures were disclosed beyond the securing of systems, the forensic review prioritized identifying the attack vector and the scope of document access. Notification letters were issued to affected patients, though the total number of impacted individuals remained undisclosed in available reports. The breach exposed clinical administrative documents rather than core medical records, with particular sensitivity arising from the inclusion of family member data for employees alongside standard patient demographics and limited identifiers. Mowery Clinic's public statements emphasized continued review of security protocols without confirming specific enhancements or third-party service offerings to affected parties.
