McKenzie Health System addresses data security breach

McKenzie Health System has announced letters are being mailed to some patients whose information may have been involved in a data security incident that disrupted the operations of some information technology systems.

McKenzie Health System of Sandusky first identified the hacking incident on March 11, and immediately took steps to secure its systems, launched an investigation with the assistance of a third-party forensic investigator, and notified law enforcement. The investigation determined that an unauthorized party accessed the IT systems of McKenzie Health System and removed some files. McKenzie Health System then initiated a review and analysis of those files to determine what information they contained.

On April 22, McKenzie determined that the files contained information belonging to some patients, including names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and/or health insurance information.

For patients whose information may have been involved in the incident, McKenzie recommends they review the statements they receive from their healthcare providers and contact the relevant provider immediately if they see services they did not receive. Additionally, for patients whose Social Security numbers may have been involved, McKenzie is offering complimentary credit monitoring and identity protection services through Experian.

To help prevent something like this from happening again, McKenzie has implemented additional safeguards and technical security measures to further protect and monitor its systems. A dedicated call center has been established to answer questions about this incident, which can be reached at 855-788-2392, Monday through Friday, from 8 a.m. to 5:30 p.m. Central Time.