Mercy Health Love County Hospital Breach: Private Data of Almost 13k People Under Threat After

by | Oct 2, 2017

A HIPAA violation at Mercy Health Love County Hospital may have exposed the private information of in excess pf 13,000 patients in Oklahoma.

On June 23, 2017, the health centre found that a member of staff employee had stolen a laptop computer and paper records from a storage unit used by the facility. The breach notice issued by Mercy Health said that the records of 10 patients were taken from the storage unit along with the laptop.

The Love County Sheriff’s Office investigated the theft of PHI and revealed that the former employee had used the stolen data to fraudulently obtain credit cards in the patients’ names. A second person is also understood to have been involved in the scam.

Mercy Health contacted the ten affected patients immediately, despite the fact that they had up to 60 days to do so under HIPAA Rules, all ten patients were notified immediately. Mercy Health is working with the Love County Sherriff’s Office, the United States Postal Services, and the U.S. Secret Service which are all examining the attack.

In the official breach notice Mercy Health commented, “Although there is no evidence that files belonging to patients aside from the ten patients originally identified were accessed or acquired without authorization, Mercy is nonetheless informing the public of the incident.” All affected individuals have been offered 12 free months of credit monitoring and identity theft repair services.

Richard Barker, Mercy Health Love County Hospital and Clinic Administrator, remarked “We are taking steps to secure all patient information to prevent anything similar from happening.”

A report filed to the Department of Health and Human Services’ Office for Civil Rights says a breach has been experienced involving 13,004 paper/film records, even though it appears that the private records of only 10 patients were stolen,

It is still has not been shown if the storage unit contained the records of 13,004 patients, but only 10 patients’ files were obtained, or if this is a separate attack. HIPAA Journal made contact with Mercy Health for further clarification but has yet to receive an official response.

This article will be updated with additional information as it becomes available.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy