The Oklahoma City Indian Clinic (OKCIC) disclosed this week that it had suffered a data breach that exposed almost 40,000 people’s personally identifiable information (PII). According to a notification on the clinic’s website, the facility discovered a data security breach affecting its computer system on May 12.
OKCIC solicited the services of a third-party forensic agency to examine the event. An unauthorized entity obtained – and possibly held – critical consumer information, as per the inquiry. Customers’ names, phone numbers, dates of birth, medical records, treatment information, physician information, prescription information, health insurance policy numbers, Social Security numbers, Tribal ID numbers, and driver’s license numbers were among the information compromised, according to OKCIC. Reports reveal that the hack has affected up to 38,239 people.
Duncan Regional Hospital in Oklahoma suffered a security breach in March, exposing the personal information of almost 92,000 people. The cyber dangers that US healthcare providers face have been highlighted in many reports this year. According to research published in November 2021, most online apps used by prominent healthcare providers in the United States have vulnerabilities.
Healthcare, financial services, manufacturing, utilities, and professional services were the industries with the highest breaches in Q1 2022, according to a study released by the Identity Theft Resource Center in April 2022. Following a White House warning about the heightened danger to American healthcare providers from cyber-threats emanating from Russia, US Senators sponsored the Healthcare Cybersecurity Act (S.3904) in March 2022.
In March, the US approved legislation requiring critical infrastructure businesses to disclose cyber events to the Cybersecurity and Infrastructure Security Agency within 72 hours (CISA). According to CISA, healthcare is among the 16 crucial infrastructure sectors.