MRO Corp.
January 20, 2026
•[ data breach, third-party vendor incident, healthcare ]
DataBreaches summarized a disclosure that a data breach at third-party medical records vendor MRO Corp. exposed personal and health information of patients tied to two Deaconess Health System hospitals in Western Kentucky (Deaconess Henderson Hospital and Deaconess Union County Hospital), as well as affected clinic patients whose records were subject to release-of-information requests. The health system stated the breach did not affect Deaconess internal systems or its electronic medical records platform; the incident was contained to the ROI vendor environment. The reporting did not enumerate specific data elements in the excerpt.
