
Cyber Incident Victim: Duncan Regional Hospital

Date: Jan 2022

Location: United States of America

Summary

Duncan Regional Hospital experienced a data security incident impacting over 92,000 individuals, prompting immediate system disconnection and incident response protocols. The breach potentially exposed sensitive patient information such as names, Social Security numbers, treatment details, and birth dates, along with employee W-2 data including addresses. In response, the organization implemented measures like password changes, enhanced firewall restrictions, and deployment of endpoint threat detection software. Affected individuals were offered credit monitoring services through Experian. The incident had not been added to the Office for Civil Rights breach portal at the time of reporting.


Description

Duncan Regional Hospital (DRH), a not-for-profit community hospital in Oklahoma, discovered a data security incident on January 20, 2022, that impacted access to certain systems. Upon detection, DRH immediately disconnected all systems from external access and activated its incident response protocols to contain the event. The hospital initiated an investigation to determine the nature and scope of the breach, though the specific attack vector—whether ransomware, data exfiltration, or another method—remained unclear based on available public disclosures. By March 2022, DRH confirmed through its forensic review that unauthorized actors potentially accessed sensitive data belonging to patients and employees. The compromised patient information included names, Social Security numbers, treatment details, medical appointment records, and dates of birth. Employee data exposure involved W-2 forms containing names, birth dates, Social Security numbers, and residential addresses. The Maine Attorney General’s Office reported that over 92,000 individuals were affected by the breach, though the incident had not yet appeared on the HHS Office for Civil Rights breach portal at the time of reporting.


In response to the incident, DRH implemented multiple corrective measures to secure its systems and prevent recurrence. These actions included changing all organizational passwords, enhancing firewall restrictions to limit unauthorized access, and deploying endpoint threat detection and response monitoring software across workstations and servers. The hospital notified impacted individuals via mail, disclosing the types of exposed data but not confirming whether attackers actively misused the information. As a remediation offering, DRH arranged complimentary credit monitoring services through Experian for affected parties. The hospital’s public communications emphasized these technical and operational improvements without elaborating on prior security controls or attributing the breach to specific threat actors. No further details regarding regulatory investigations, legal repercussions, or financial losses stemming from the incident were disclosed in the available source material.
