Notice of Data Privacy Incident
This notice provides information about a recent data privacy incident at MountainView Regional Medical Center. MountainView Regional Medical Center recently became aware of a data privacy incident involving certain patient lab reports. We are providing this notice to inform potentially affected individuals of the incident.
On November 6, 2025, we discovered that a technical error caused by Medhost, our electronic medical record system, resulted in a limited number of lab reports being inadvertently misdirected to incorrect accounts in the patient portal application, MphRx, between August 27, 2025 and October 13, 2025. This was not a result of a cyberattack or any unauthorized access to our internal systems, but rather a configuration error within the electronic health record system.
The lab reports contained patient name, patient number, medical record number, date of birth, date of service, and lab results. The information did not include social security numbers or information that could be used for identity theft.
We became aware of this incident on November 6, 2025, when an employee discovered that lab reports belonging to one patient were appearing in the patient portal account of another patient. Upon discovery, we immediately disabled the patient portal to prevent further access and worked with both Medhost and MphRx to identify and correct the configuration error. We have verified that the configuration has been updated and a "cleanup" process was completed to remove misdirected data from the portal.
We have mailed notification letters to all affected individuals for whom we have a valid last-known address. For individuals we were unable to reach via mail, this website notice serves as substitute notification. We deeply regret any concern this incident may cause. If you have questions or wish to determine if your information was involved, please contact our Facility Privacy Officer at (575) 556-7641.