IMPORTANT! HIPAA Media Notice!

DUBLIN, OHIO May 2, 2025.

– CPS Solutions, LLC (“CPS Solutions”), which helps support pharmacy operations of health care clients, is providing notice of a cybersecurity incident.  Sullivan County Community Hospital is a client of CPS Solutions, and this incident experienced by CPS Solutions may have affected the information of some of the hospital’s patients.

On December 4, 2024, the company became aware of unauthorized access by an unknown third party to one CPS Solutions employee’s business email account and immediately took appropriate steps to prevent further unauthorized access. The email account was secured that same day, and an investigation was launched to determine the potential scope and impact. The investigation indicated that data from the account was accessed and removed between December 2 to 4, 2024. On January 24, 2025, CPS Solutions completed a comprehensive review which identified all customers and individuals potentially affected by this incident and what information was involved. Based on the results of that review, the company formally notified the above provider of this incident on February 10, 2025.

The personal information involved may have included: full name, date of birth, health insurance information (such as member/group ID number or Medicaid/Medicare number), and/or medical information (such as medical record number, clinical information, provider information, diagnosis or treatment information, or prescription information such as medication name). Please note that not all data elements were involved for all individuals. Social Security Numbers, driver’s license numbers, credit and debit card information, bank account information, test results, images, hospital medical records and account passwords were NOT involved for these residents.

The company regrets this incident and any concern it may have caused anyone. Protecting individuals’ information is a key priority for the organization. As soon as the incident was discovered, the company took immediate action to mitigate and remediate the incident and to help prevent further unauthorized activity.  The company is not aware of any misuse of individuals’ information as a result of this incident to date.

The company is offering affected residents two (2) years of free credit monitoring and identity protection services and encourages them to check https://response.idx.us/cps-matter/ for more information.  The company also encourages individuals to carefully review statements sent from healthcare providers and insurance companies to ensure that all account activity is valid. Any questionable charges should be promptly reported to the provider or company with which the account is maintained. Additionally, a dedicated toll-free call center has been established to help answer individuals’ questions and can be reached at 1-877-332-4437 between 8:00 AM to 8:00 PM CT, Monday through Friday, except holidays.

##

Media Contact:

424.333.6122