Oklahoma State University breach affects 280K Medicaid members; Indiana hospital battles ransomware attack

Hancock Regional Hospital's EHR system was up and running Monday after a ransomware attack last week. (Pixabay/Pexels)

Oklahoma State University Center for Health Sciences (OSUCHS) has warned nearly 280,000 Medicaid enrollees that their information may have been compromised after its network was hacked.

The Tulsa, Oklahoma, academic medical center learned in November that an unauthorized party hacked into the network and accessed folders containing Medicaid billing information, according to a notice (PDF) released by the health system. OSUCHS responded by removing the folders from the server, terminating third-party access and hiring a data security firm to investigate.

The folders contained names, Medicaid numbers and limited treatment information, but no patient information. OSUCHS reported the breach to the Department of Health and Human Services on Jan. 5.

The notice comes on the heels of a phishing attack that compromised information for 30,000 Medicaid enrollees in Florida.

RELATED: Should hospitals pay up following a ransomware attack? The answer is far from simple

Meanwhile, in Indiana, local news outlets reported that Hancock Regional Hospital was compromised by a ransomware attack on Thursday evening. On Monday morning, the hospital’s chief strategy and innovation officer, Rob Matt, told FierceHealthcare the hospital’s EHR system was operational after several days of paper charting. However, the hospital is working to get several other lower priority systems back online.

Matt said the Hancock “got the keys to our system” on Saturday morning following an attack by a “yet undefined criminal group” requesting a bitcoin ransom, but declined to specify whether the hospital paid the ransom. He said the hospital has been in recovery mode since Saturday to get its clinical systems up and running.