Kingman Regional Medical Center website down for over two months hinting potential security breach

• A misconfiguration in the website allowed unauthorized individuals to view and access the information entered into the website by KRMC customers.
• The information that was accessible by unauthorized persons includes customer’s names, dates of birth, and limited medical information.

On June 7, 2019, Kingman Regional Medical Center notified the potentially impacted individuals about a security incident involving its website.

What happened?

KRMC has been notified about a potential security issue with its website on April 8, 2019. Upon which, the medical center immediately took down its website and conducted a comprehensive investigation. It also hired a third-party forensics firm to assist them in the investigation.

The investigation revealed that a misconfiguration in the website allowed unauthorized individuals to view and access the information entered into the website by KRMC customers.

What is the impact?

• The vulnerability in the website has impacted only the customers who had entered their information into the website while requesting an appointment.
• The information that was accessible by unauthorized persons includes customer’s names, dates of birth, and limited medical information.
• However, medical records, social security numbers, and financial information were not impacted.

“This incident does not affect all KRMC customers; only a subset of individuals who entered information requesting medical care on the KRMC website,” KRMC said in a security notice.

The response

• KRMC recommends affected customers to review the statements they receive from their healthcare provider.
• The medical center has hired a cybersecurity firm to rebuild its site with additional security features including audit and alert capabilities.

“KRMC’s website has been removed from public access and KRMC is taking steps to rebuild the secure site with additional safeguards,” KRMC concluded.