Guthrie Clinic

Guthrie Clinic is a healthcare provider headquartered in the United States of America. It delivers medical services to patients, which includes the collection and management of protected health information. As a healthcare organization, it is subject to federal privacy regulations such as HIPAA and overseen by the Office for Civil Rights. The clinic interacts with patients across its service area, providing care that generates clinical and administrative data. It relies on third‑party vendors for certain operational functions, a common practice in the healthcare sector. These vendors may handle aspects of data processing or storage on behalf of the clinic.

In July 2020, Guthrie Clinic reported a data breach affecting over 92,000 individuals after a ransomware attack compromised a third‑party vendor’s systems. The breach exposed names, contact information, age, gender, treatment dates, service departments, treating physicians, and insurance status, but did not involve medical records, diagnoses, financial data, Social Security numbers, or passwords. The organization emphasized that the intrusion was limited to the vendor’s environment and did not reach its own medical networks or electronic health record platforms. Federal authorities, including the Office for Civil Rights, opened an investigation into the incident following the clinic’s notification. The event underscores the clinic’s exposure to supply‑chain risks and its responsibility to oversee vendor security practices. Despite the breach, Guthrie Clinic continues to operate as a healthcare provider subject to ongoing regulatory scrutiny.