MyKSHealth eRecord Patient Portal Data Compromise

Home » MyKSHealth eRecord Patient Portal Data Compromise
Fri, July 24, 2015 -- Hutchinson Regional Healthcare System

The Kansas Health Information Network, Inc. (KHIN) offers an online "patient portal" called "MyKSHealth eRecord."  "NoMoreClipboard," the company that operates MyKSHealth eRecord, was the target of a sophisticated cyber-attack that may have compromised the data of some Hutchinson Regional Medical Center patients who established a portal account.  If you were affected, you should receive a letter from "Medical Informatics Engineering" the parent company of NoMoreClipboard describing the type of information accessed and the actions being taken to avoid harm to you.  If you receive a letter, please review it carefully.

Please be assured that Hutchinson Regional Medical Center's electronic medical record system is separate from that of NoMoreClipboard and the MyKSHealth eRecord patient portal.  Our hospital's computer systems were not the target of this activity and were not affected.  This incident only affects patients who enrolled in the patient portal maintained on NoMoreClipboard's network.

Detailed information is available at www.nomoreclipboard.com/notice.  In addition, we are providing Question & Answers about the incident below.  We also encourage you to call the toll free hotline that has been established to answer questions at (866)328-1987.  If you prefer to speak to a hospital representative, you may contact the hospital at 620-665-2000 and request to speak to the Privacy Officer.  

We are continuing to coordinate with the Kansas Health Information Network and NoMoreClipboard inthe investigation of the incident.  The hospital takes the privacy and security of patient information very seriously and we regret the inconvenience this incident may cause.

Questions and Answers

How did the data compromise happen?
*On May 26, 2015, NoMoreClipboard's monitoring systems detected unusual activity on its servers.  They immediately began an investigation, took steps to remove intruder access and implemented additional safeguards.  They also reported the incident to the FBI Cyber Squad and engaged a forensics consulting firm to help them further investigate and respond to the incident.

What informatin was compromised?
*Demographic and password information was compromised.  No clinical information or financial information was affectied.  If you have questions about what information was affected, you can call NoMoreClipboard's toll free hotline at 866-328-1987

How do I know if I am affected by this incident?
*This incident only affected patients who set up a MyKSHealth eRecord patient portal account.  Anyone affected by the compromise should receive a letter from Medical Informatics Engineering, the parent comany of NoMoreClipboad, specifially describing  the kinds of information affected for the individual.  You may also call NoMoreClipboard's toll free hotline at 866-328-1987 for more information.

Did this affect my other information at Hutchinson Regional Medical Center?
*At this time, we are not aware of any attempted misuse of the compromised data.  We encourage you to enroll in the free two-year credit monitoring service and identity restoration services offered by NoMoreClipboard.

*If you have not been prompted by NoMoreClipboard to do so already, you should change your password to your MyKSHealth eRecord patient portal account.

*We also encourage you to review the information about protecting your personal information available through the Federal Trade Commission at https://www.indentitytheft.gov/

Additional resources available at:
NoMoreClipboard toll free hotline:  866-328-1987
NoMoreClipboard Web site:  www.nomoreclipboard.com/notice
Hutchinson Regional Medical Center web site: http://www.hutchregional.com/