A cybersecurity incident may have exposed sensitive personal, health and financial records of tens of thousands of Americans.
The latest numbers from the U.S. Department of Health and Human Services Office for Civil Rights show that 36,659 Americans are affected by a hacking/IT incident at Cumberland County Hospital (CCH).
-->CCH says that an unknown attacker breached its systems and stole patient and employee data, which may include names, dates of birth, addresses, phone numbers, email addresses, ethnicities, Social Security numbers, medications, diagnoses, treatment notes, dates of service, medical record numbers, health plan numbers, claims and billing records.
The hospital also says that the thief may have siphoned the employment data of current and former employees, including driver’s licenses, birth certificates, background check records, W-4 and W-2 tax forms and bank account numbers.
“On April 3, 2025, CCH discovered unauthorized access by a third party to our computer system. We immediately shut down all computers, disabled data sharing connections, contacted law enforcement, and began investigating…
Cybersecurity experts determined that the unauthorized access to our computer system began on February 21, 2025, and ended on April 3, 2025.
The electronic medical records system that CCH and its partners use to record and bill for patient care was not involved or accessed in this incident. “
CCH is a Kentucky-based hospital offering outpatient and inpatient healthcare services.
The hospital says it immediately sent letters of notification to affected individuals to shed more light on the data breach, while offering free identity monitoring services for 12 months.
For now, CCH says that its IT team has revamped the hospital’s security protocols to prevent a similar incident from happening again.
