USA: Taylor Regional Hospital notifies OCR of data security incident
The Taylor Regional Hospital notified, on 21 March 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 190,209 individuals. In particular, the Taylor Regional Hospital stated that, on 20 January 2021, it identified unauthorised activity on its computer systems. In addition, the Taylor Regional Hospital noted that once it learned of the incident, it took steps to contain it and launched an investigation to determine the scope of the incident.
Furthermore, the Taylor Regional Hospital outlined that the investigation showed that an unauthorised person accessed files on its systems between 2 November 2021 and 19 January 2022 and the information that might have been accessed includes patients' names, addresses, dates of birth, social security number, insurance information, medical record number, and/or clinical information. Moreover, the Taylor Regional Hospital highlighted that it has no evidence that any information involved in the incident has been misused and it is committed to taking steps, including enhancing the security of its electronic systems and the information it maintains.