The number of people impacted by Oracle Health’s hacking incident is not yet confirmed. The data breach may have impacted roughly 80 hospitals, though there is no report to the public yet of the listing of affected hospitals.
Oracle Health, in compliance with HIPAA laws, sent notifications to the impacted healthcare company clients, many of whom just learned not too long ago that they were affected. Some of the healthcare providers that confirmed they were impacted by the hacking incident, not to mention had suffered patient data theft include: OSF Saint Clare Medical Center in Illinois, Lake Regional Health System in Missouri, NKC Health in North Kansas City, and Aultman Health System in Ohio. All of those healthcare companies has began sending notification letters to the impacted patients and has given free credit monitoring services.
The breached data differed from company to company and typically includes data generally kept in health records, for example names, birth dates, medical record numbers, diagnoses, prescription drugs, lab test data, medical images, and Social Security numbers. Although the incident resulted in data breach, there were no identified cases of data misuse so far. A number of the impacted healthcare companies just got breach notifications from Oracle Health telling them that they were impacted. For example, NKC Health and OSF Saint Clare Medical Center just got a listing of the people affected by the breach in November, which is 11 months after the episode of the hacking incident.
Oracle Health faced several class action lawsuits because of the data breach. One lawyer representing a breach victim was informed by the attorneys of the defendant that the breach may have affected 80 hospitals. Attorney Elena A. Belov filed a lawsuit on behalf of one victim in the Western District of Missouri, indicating that the data breach possibly affected millions of people.
Image credit: bixpicture, Adobestock / logo©OracleHealth
