Cyber Incident Victim: McAlester Regional Health Center

Date: May 2023

Location: United States of America

Summary

McAlester Regional Health Center detected suspicious activity impacting system access, prompting immediate incident response protocols including system disconnection and engagement of cybersecurity experts for forensic investigation. The investigation revealed potential compromise of protected health information, which may have included names, addresses, Social Security numbers, financial details, medical records, and treatment information. The organization implemented enhanced security measures such as firewall restrictions, revised password policies, organization-wide credential resets, and restricted file sharing while reviewing affected materials to provide notifications and complimentary credit monitoring services to impacted individuals.

Description

On May 8, 2023, McAlester Regional Health Center detected suspicious activity impacting access to portions of its systems, triggering an immediate organizational response. The health center disconnected all systems upon identifying the incident and activated its incident response protocols to contain the threat. External cybersecurity experts were engaged to conduct a forensic investigation into the nature and scope of the breach. The investigation determined that unauthorized access to certain systems may have compromised documents containing protected health information, though the full extent of data exposure remained under review at the time of the August 17, 2023 public disclosure. No specific threat actor, attack vector, or duration of unauthorized access prior to detection was disclosed in the initial findings. The compromised systems housed sensitive patient data, though the health center did not specify whether electronic health records, file servers, or other infrastructure components were primarily affected.

The potentially exposed information included combinations of patient names, addresses, dates of birth, Social Security numbers, driver’s license details, financial account information, health insurance policy numbers, Medical Record Numbers, Medicaid or Medicare IDs, and clinical treatment or diagnosis data. McAlester Regional Health Center initiated a document-by-document review to identify affected individuals and specific data elements involved, committing to notify impacted parties upon completion of this analysis. Remediation efforts included firewall configuration enhancements, organizational password policy revisions with strengthened complexity requirements, mandatory password resets for all accounts, and restrictions on file-sharing permissions to reduce future attack surfaces. The health center arranged complimentary credit monitoring and identity restoration services for individuals whose protected health information was confirmed as compromised, though eligibility specifics depended on the final determination of exposed data types per individual. A dedicated call center operating Monday through Friday from 9 a.m. to 4 p.m. Central Time was established to address patient inquiries regarding the ongoing investigation and mitigation efforts.
