Ciox Security Breach Impacts Approximately 500 OU Health Patients

OU Health has been notified from a former third party vendor of a breach in the vendor’s security. Ciox Health, a healthcare information management company, reported an incident involving unauthorized access to an employee’s email account that may have involved some of OU Health patients’ information.

No financial or Social Security number information was impacted. The information that may have been involved in the breach includes patient names, dates of birth, provider names and/or date(s) of service.

Ciox immediately secured the account and obtained the assistance of an outside cybersecurity firm. An investigation determined that an unauthorized person accessed the account between June 24-July 2, 2021, and during that time may have downloaded emails and attachments. Those potentially impacted by this breach included 509 OU Health patients.

Ciox has no indication that any of the patients’ information was actually viewed or acquired by the unauthorized person, or that it has been misused. The organization believes the account access occurred for purposes of sending phishing emails to other individuals unrelated to Ciox.

With the assistance of OU Health, Ciox has mailed notification letters to patients whose information was found in the account. Any OU Health patient concerned about this incident can direct their calls to (855) 618-3107, between 9:00 a.m. to 6:30 p.m. Eastern Times, Monday through Friday. Additional information can be found at: https://www.cioxhealth.com/notice-of-email-security-incident/. For further comment, please reach out to Ciox Health’s media spokesperson at ciox_media@cioxhealth.com.