38,000 people affected by Oklahoma City Indian Clinic data breach

This week Oklahoma City Indian Clinic (OKCIC) reported a data breach exposing sensitive information of approximately 38,000 people.

According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system.

To investigate the data breach, OKCIC enlisted the help of a third-party forensic firm. The subsequent investigation confirmed that an unauthorized party accessed – and possibly retained – sensitive customer information.

OKCIC revealed that compromised files included:

Full name,
Date of birth,
Treatment information,
Prescription information,
Medical records,
Physician information,
Health insurance policy numbers,
Phone numbers,
Tribal ID numbers,
SSNs (Social Security numbers),
Driver’s license numbers.

As many as 38,239 individuals are impacted by the data security incident. OKCIC issued data breach letters to affected customers.

The pharmacy retailer Dis-Chem also has confirmed an unauthorized access to a database containing the personal data of more than 3.6-million people which could be used for criminal activities, such as phishing attacks.