Boys Town hospital cyberattack affects records of 105,000 patients

Register now

A cyberattack has potentially compromised medical records of 105,309 individuals at Boys Town National Research Hospital in Omaha, Neb.

Hackers were able to gain access to the records through a hack of an employee email account at the hospital, and the organization has notified 105,309 individuals that their medical records may have been compromised.

On May 23, Boys Town personnel noticed unusual activity related to the email account, and subsequent investigation by forensic specialists showed the unknown attacker did have access to the account.
Then, in early July, Boys Town confirmed personal information may have been accessible and also confirmed the identities of affected persons.

Also See: Humana web sites hit by sophisticated data attack

Not only was the hacking massive, but so were the different types of information that was compromised. Included were patient names, dates of birth, Social Security numbers, diagnoses, treatments, Medicare and Medicaid identifiers, medical record numbers, billing and claims information, health insurance information, disability codes, birth or marriage certificates, employer identifier numbers, driver’s license numbers, passport information, banking or financial account numbers, and user names and passwords.

While Boys Town has not received reports of misuse of the information, hackers often delay using recently stolen health data. As has become common in the healthcare industry, Boys Town is reviewing existing policies and procedures and strengthening protection of its information systems.

Affected individuals are being offered one year of identity theft protection services.

Boys Town executives declined to provide additional details about the incident.

For reprint and licensing requests for this article, click here.