Latest news with #TomKleinhanzl
Yahoo
07-05-2025
- Health
- Yahoo
Frederick Health Hospital names new CEO
Frederick Health Hospital will have a new president and CEO beginning in July. Cheryl Cioffi, the hospital's current executive vice president and chief administrative officer, will take over the top job from current CEO Tom Kleinhanzl, Frederick Health spokesman Josh Faust said Tuesday. Cioffi has risen through the hospital system's ranks for nearly three decades, including serving as chief nursing officer, chief operating officer, and, most recently, chief administrative officer, Faust wrote in a text message Tuesday evening. 'Her healthcare journey began in direct patient care, bringing a unique depth of perspective to her executive leadership,' Faust wrote. Daryl Boffman, vice chairman of the hospital's board of directors and chair of the executive transition committee, said in a statement, 'After a thorough national review, the search affirmed what we long recognized; Cheryl is the right leader to guide Frederick Health into the future.' Kleinhanzl announced in December that he would be leaving the hospital system after 20 years. He came to Frederick Health Hospital, then known as Frederick Memorial Hospital, in December 2004, after previously working at hospitals in New Hampshire, South Carolina, and Massachusetts. Under his leadership, the hospital system has added facilities that include a stroke center, a dental clinic, a prenatal center, the Frederick Health Auxiliary, the James M. Stockman Cancer Institute, the Frederick Health Breast Center, and the Center for Precision Medicine and Genetics.
Yahoo
29-03-2025
- Health
- Yahoo
Updated: Lawsuit alleges cybersecurity failures by hospital; Social Security numbers among compromised data
A lawsuit filed against Frederick Health alleges the company kept secret its "inadequate" cybersecurity measures prior to a ransomware attack in January resulting in compromised personal information for at least 100 people. The lawsuit, filed March 4, also alleges Frederick Health "deprived [people] of the chance to mitigate their injuries" by failing to notify them of the data breach until Feb. 6 — 10 days after the attack on Jan. 27. 'Frederick Health can confirm that it is the subject of a suit pertaining to the cyber event that occurred earlier this year. While we cannot comment on the specifics of the ongoing legal proceedings at this time, we want to assure our patients and the community that we take this matter seriously, and we are fully committed to resolving this issue responsibly and with integrity," a statement by FHH spokesperson Josh Faust said on Friday. "Frederick Health and our legal team are cooperating with officials to review the claim. Our priority remains to positively impact the well-being of every individual in the community and to continue to protect and safeguard the security of our systems and the information we maintain.' He declined to comment further. On Jan. 27, FHH identified a ransomware attack. Tom Kleinhanzl, the hospital's president and CEO, said an unauthorized person gained access to and copied documents from a shared drive, which he described as an electronic storage closet for important historical information. The documents contained information such as patients' names, Social Security numbers, birthdays and addresses. He said FHH's electronic medical records system, patient portal and emails were not accessed in the attack. The hospital still took the rest of its systems offline proactively as a precaution. The lawsuit was filed on behalf of two "customers" of Frederick Health, as well as any others affected by the ransomware attack, according to court documents. Frederick Health has been unable to determine the full extent of the data breach, the suit alleges. The stolen information is "one of the most valuable commodities on the criminal information black market," the suit says. The information's presence on the "dark web" could result in financial harm for Frederick Health customers, as well as their identities being stolen. Frederick Health's failure to implement "reasonable and appropriate" cybersecurity measures violated federal consumer protection laws, the suit alleges. The suit also alleges that Frederick Health "had notice and knew that its inadequate cybersecurity practices would cause injury" to the hospital's customers. Frederick Health deliberately omitted and suppressed the fact that it did not comply with regulations regarding consumer protection, the suit further alleges. Frederick Health "would have been unable to continue in business and it would have been forced to adopt reasonable data security measures and comply with the law" had it disclosed its vulnerabilities to its customers, the suit alleges. The suit calls for a jury trial and asks for unspecified monetary and other damages to be paid to those affected. FHH sends letters Frederick Health Hospital sent out letters Friday to patients and staff who have been or may be impacted by the ransomware attack. Kleinhanzl said the letters include instructions for what people should do if they've been impacted. He also said FHH is offering these people free identity theft protection and credit monitoring. Right after the attack happened, the hospital was diverting ambulances to take patients to other emergency departments. For several weeks, staff members were using "downtime procedures" and recorded everything on paper since they couldn't use electronic systems. FHH slowly brought its systems back online over several weeks, with its electronic medical records system being restored on Feb. 18. The hospital announced on March 4 that its patient portal was back up. Kleinhanzl said he could not comment further on the unauthorized person, the investigation into the attack and what law enforcement agency is working with FHH due to active litigation. The FBI told The Frederick News-Post on Feb. 4 that it can neither confirm nor deny it is investigating the ransomware attack at FHH. Kleinhanzl said a "substantial number" of notification letters are being sent out to current and former patients and staff, but he declined to comment on how many letters were being delivered. Due to the personal information that is in the shared drive, "that's why we felt compelled to be very broad in the distribution of this notification," he said. He also said the hospital will continually evaluate and modify its security and privacy practices to protect people's information and still has extensive security measures in place. "We take our role seriously, very seriously, in this community of doing everything we possibly can to protect information, and we want to make sure we're doing right by everyone we can to give an option of protection," Kleinhanzl said.
