Muskogee City County Enhanced 911 Trust Authority (MCC911) based in Oklahoma confirmed a data breach due to a ransomware attack that occurred in July 2024. MCC911 issued notifications to 180,000 impacted individuals whose protected health information (PHI) was affected. This healthcare provider offers medical, police, fire, and other 911 emergency services in Oklahoma County.
On July 25, 2024, MCC911 detected strange activity on its computer network, revealing that it had been targeted in a criminal ransomware attack. The organization promptly initiated an investigation and took precautionary measures such as taking systems offline, modifying passwords, and informing government law enforcement. Cybersecurity specialists investigated the breach to find out how system access was obtained, and to confirm the extent of the breach. MCC911 also improved its security protocols by implementing endpoint monitoring systems, upgrading its firewall, enforcing geolocation restrictions, and resetting system resources for added protection. The organization worked hard to restore its systems, reinforce current security measures, and report the incident to the appropriate government authorities.
The investigation revealed that unauthorized access occurred in some parts of the network from April 4 to July 31, 2024. During this time, the threat actor may have exfiltrated patient data. Although there is no evidence suggesting misuse of the stolen data for identity theft or fraud, MCC911 has notified all potentially affected individuals. The breach may have affected any patient who got emergency health services in Muskogee County, Oklahoma from January 2011 through April 2023. The breached data could include names, addresses, birth dates, Social Security numbers, medical conditions/diagnoses, treatment data, medical treatments, names of hospital providers, and medical health insurance data. However, the specific data affected will vary by individual.
MCC911 advises affected people to stay cautious against identity theft by checking account statements, explanation of benefits forms, and reviewing free credit reports for suspicious transactions.
