Battle Mountain General Hospital ("BMGH") has become aware of a data security incident that occurred on January 25, 2024, potentially affecting the electronic records of both employees and patients, including personal health information (PHI).
What Happened
On January 25, 2024, BMGH identified a security breach that allowed unauthorized access to a workstation. Upon discovery, the remote access was terminated and we immediately launched an investigation with the assistance of cybersecurity experts to understand the scope and impact of the incident. The Hospital promptly fixed the vulnerability that the third party exploited and notified the FBI for law enforcement assistance.
“I am deeply sorry for what has happened, and sincerely apologize for the understandable distress this incident may cause those affected. I am fully committed to making it right,” said Jason Bleak, CEO.
Information Involved
The unauthorized access may have involved sensitive information, including but not limited to, names, addresses, dates of birth, social security numbers, medical history, and treatment information of our patients and employees. We will notify affected individuals through a variety of channels.
Investigation Outcome
Based on our analysis to date, this event affected approximately 3000 individuals, however there has been no evidence to suggest that any data compromised has been shared, published or otherwise misused. While this news is reassuring, we are not taking it lightly and have decided to proceed with every precaution to ensure the security and privacy of all individuals potentially affected.
Actions Taken
Upon discovery of the incident, BMGH took immediate steps to secure our systems and mitigate the potential impact of the breach. We have implemented additional security measures to strengthen the security of our information systems and are working closely with cybersecurity specialists to review and enhance our existing security protocols. We will provide additional training to our staff on data security and phishing prevention.
During this period, we thank our employees, our IT department and the entire cybersecurity task team for their resiliency and their swift and efficient response in addressing this incident. Safeguarding our patients’ and employees’ information is fundamental to our purpose and our role as a healthcare institution. Insights gained from this incident will be used to enhance our cybersecurity measures even further.
As part of our response to this incident:
We are offering free credit monitoring and identity theft protection services to the individuals potentially affected by this breach. We have also established a dedicated email cybersecurity@bmgh.org and phone line (1-833-918-9300) for those who have questions or need further assistance regarding this matter.
Our Apology
BMGH sincerely apologizes for any inconvenience or concern this incident may cause. We are deeply committed to maintaining the trust of our patients and employees and are taking this matter extremely seriously. Our team is working diligently to ensure that our systems are secure and that we maintain the highest level of data protection.
About Battle Mountain General Hospital
Battle Mountain General Hospital is a community-focused healthcare provider dedicated to offering comprehensive care and services to the residents of Battle Mountain and surrounding areas. With a commitment to excellence and innovation, BMGH strives to meet the healthcare needs of our community through compassionate care and medical excellence.