Malware Attack on Pawnee County Memorial Hospital Impacts 7,000 Patients

Pawnee County Memorial Hospital located in Pawnee City, Nebraska, is notifying 7,038 patients that a hacker potentially accessed some of their protected health information (PHI). The hospital detected malware on November 29, 2018, which allowed the unauthorized person to access its email system.

The malware was installed in the hospital’s email system when an employee opened a malicious email attachment. Pawnee County Memorial Hospital published a substitute breach notice which stated that the email seemed to have come from a trustworthy source and that the attached file looked genuine.

A third-party computer forensics specialist assisted the hospital in investigating the incident. It was confirmed that the employee opened the email attachment on November 16, 2018 and that the malware allowed access to the email system until November 24.

The compromised email accounts contained a variety of clinical reports, clinical summaries, business reports and other internal files. Some documents contained patients’ full names as well as birth date, address, diagnosis, laboratory test data, medical record number, insurance details, driver’s license number, state ID number and Social Security number.

Although it was possible that PHI was accessed, it is uncertain if the hacker viewed or acquired any patient data. The hospital believes that the attack was financially motivated and was not conducted with the intention of stealing patient data.

Upon discovery of the breach, the hospital reset all email account passwords of employees and implemented further safety measures to boost email security. The hospital has already sent breach notification letters to affected patients and has offered them free registration for online credit monitoring services for one year.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: