Cyber attack on Medical Center Barbour compromised the data of over 60,000 patients

Medical Center Barbour, an Alabama-based healthcare provider, said it experienced a data security incident that compromised the sensitive personal information of its patients and staff.

Founded as Salter Hospital in 1930, Medical Center Barbour offers healthcare services to people living in Alabama’s Barbour county and surrounding areas. The healthcare centre is jointly owned by the Healthcare Authority of the City of Eufaula and Alliant Management Services.

In a filing with the Office of Maine Attorney General, Medical Center Barbour said that on October 29, it identified suspicious activity in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“The investigation concluded on December 8, 2023. As a result of the investigation, MCB learned that an unauthorised actor accessed certain files and data stored within our network,” the healthcare provider said.

The compromised data included names, dates of birth, addresses, Social Security numbers, passport information, health insurance information, driver’s license and state IDs, medical information, and financial information.

Medical Center Barbour’s filing with the Maine state regulator also revealed that at least 61,014 individuals were impacted by the incident.

“Upon learning of this event MCB moved quickly to investigate and respond to the event and notify potentially affected individuals,” reads a  data security incident notice on MCB’s website. “As part of its ongoing commitment to the security of information, MCB is reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event.”

Medical Center Barbour has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.