MercyOne patients' private information potentially exposed in data breach

MercyOne Clinton has announced a data privacy incident that potentially affected certain patient information in March and early April. MercyOne Clinics encountered a network disruption on April 4 that impacted specific systems. An immediate investigation was initiated with the assistance of third-party computer forensic specialists. The investigation revealed that unauthorized access was gained to certain parts of the network between March 7 and April 4. Although the assessment is ongoing, the potentially affected information is significant and may include: includes names, addresses, dates of birth, driver's license/state identification numbers, Social Security numbers, financial account information, medical record numbers, encounter numbers, Medicare or Medicaid identification numbers, mental or physical treatment/condition information, diagnosis codes/information, dates of service, admission/discharge dates, prescription information, billing/claims information, personal representative or guardian names, and health insurance information. Efforts are underway to restore the network to minimize service disruptions and ensure continued patient care. In response to the incident, MercyOne Clinics has collaborated with third-party computer forensic specialists to securely regain access to network information MercyOne Clinics will offer affected individuals access to credit monitoring and identity protection services.