Boys Town Healthcare Data Breach Exposed Personal Details of Patients

Another day, Another data breach!

This time-sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children’s hospital.

According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected 105,309 individuals, including patients and employees, at the Omaha-based medical organization.

In a “Notice of Data Security Incident” published on its website, the Boys Town National Research Hospital admitted that the organization became aware of an abnormal behavior regarding one of its employees’ email account on May 23, 2018.

After launching a forensic investigation, the hospital found that an unknown hacker managed to infiltrate into the employee’s email account and stole personal information stored within the email account as a result of unauthorized access.

The hacker accessed the personal and medical data of more than 100,000 patients and employees, including:

  • Name
  • Date of birth
  • Social Security number
  • Diagnosis or treatment information
  • Medicare or Medicaid identification number
  • Medical record number
  • Billing/claims information
  • Health insurance information
  • Disability code
  • Birth or marriage certificate information
  • Employer Identification Number
  • Driver’s license number
  • Passport information
  • Banking or financial account number
  • Username and password

With this extensive information in hand, it’s most likely that hackers are already selling personal information of victims on the dark web or attempting to carry out further harm to them, particularly child patients at the hospital.

However, The Boys Town National Research Hospital says it has not received any reports of the misuse of the stolen information so far.


Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.