Vendor ransomware attack exposes patient data at Tennessee hospital

Vendor ransomware attack exposes patient data at Tennessee hospital unknown

Memphis, Tenn.-based Regional One Health's obstetrics and gynecology patients' information may have been compromised due to a ransomware attack on a technology vendor KMJ Health Solutions.

On Jan. 18, KMJ notified the University of Tennessee Health Science Center, which supplies residents to Regional One, that its hosting provider, Liquid Web, had found signs of a ransomware attack. KMJ provides patient handoff software to the university. The attack allowed hackers to gain access to information stored on one of KMJ's servers.

The server contained protected health information of patients who received OB-GYN services at Regional One between November 2014 and November 2023.

The information compromised included first and last names, medical record numbers, ages, dates of admission, allergies, services, resident assigned, parity, diagnoses, prenatal provider, laboratory results, medications, fetal or delivery details, contraception, type of infant feeding and information regarding follow-up care.

No financial or bank account information was compromised, according to Regional One.