Morehead Memorial Hospital

Morehead Memorial Hospital is a healthcare organization based in the United States of America. The institution operates as a hospital, providing medical services that involve the handling of sensitive patient health information. A documented security incident from September 15, 2017, confirms its role in managing protected health data, including treatment overviews and health plan details, which signifies its function within the healthcare sector. This event also indicates the hospital employs staff, as employee email accounts were compromised, and it processes information containing limited Social Security numbers, situating it within the regulated environment of U.S. healthcare providers subject to privacy laws.

The 2017 phishing attack directly compromised two employee email accounts, potentially exposing a mix of patient and employee data. The specific types of information at risk included health insurance payment summaries, treatment overviews, health plan details, and a limited number of Social Security numbers. Upon detecting the breach, the hospital took immediate containment actions by disabling the affected accounts and resetting network passwords. The organization engaged external forensic experts to investigate the scope and cause of the incident. Furthermore, Morehead Memorial Hospital complied with regulatory expectations by notifying authorities, specifically the FBI and the Department of Homeland Security. To support individuals whose information may have been accessed, the hospital offered free identity monitoring services and established a dedicated website and assistance line to provide details and aid, demonstrating a standard incident response protocol for a healthcare entity facing a data breach.