A statement has been released by Baptist Health Medical Center-Drew County following the breach.
That statement is shared below:
Baptist Health mailed notification letters to Baptist Health Medical Center-Drew County. (“Drew County”) patients, employees, and dependents whose information may have been involved in a data security incident that occurred in July 2024.
The notices, which were mailed between August 30, 2024 and September 30, 2024, explain that an unauthorized party accessed Drew County’s IT environment between April 22, 2024, and July 8, 2024. While in the IT environment, the unauthorized party may have accessed and/or acquired files that contain patient, employee, and dependent information.
For Drew County patients, the information potentially involved included names in combination with one or more of the following: addresses, dates of birth, diagnoses, treatment information, medical record numbers, provider names, and/or dates of treatment.
For Drew County employees and dependents, the information potentially involved included names,Social Security numbers, driver’s license numbers, bank account information, and/or health insurance information.
Drew County takes this incident very seriously and sincerely regrets any concern this may cause. Drew County also established a dedicated, toll-free incident response line to answer questions that individuals may have about the incident.
To help prevent something like this from happening again, Drew County has implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor its systems.