Hospital Sisters Health System informed nearly 882,000 patients that a cyberattack in August 2023 resulted in a data breach that compromised their private and medical data.
Established in 1875, HSHS works with about 2,200 physicians and employs over 12,000 employees. It also runs a network of physician practices and 15 community hospitals in Illinois and Wisconsin, including two children's hospitals.
The non-profit healthcare institution stated in data breach notifications given to those affected that the incident was discovered on August 27, 2023, after determining that the hacker had gained access to the HSHS network.
Following the security incident, its systems were affected by a widespread outage that knocked out "virtually all operating systems" and phone systems in Illinois and Wisconsin hospitals. HSHS also hired external security specialists to investigate the incident, assess the impact, and assist the IT staff in restoring hacked systems.
"We are prioritizing patient safety as we establish a process for restoration. With the support of third-party experts, we are bringing our systems back online as quickly and as safely as possible," HSHS noted in a September 2024 statement. "A health system of our size operates hundreds of system applications across thousands of servers, and as such, our restoration and investigative work will take some time to complete.”
While the incident and subsequent outage appear to be the result of a ransomware attack, no ransomware outfit has claimed responsibility for the breach. Following the forensic inspection, HSHS discovered that between August 16 and August 27, 2023, the perpetrators had accessed files on hacked systems.
The information accessed by attackers while inside HSHS' systems varies by individual, but it typically includes a combination of name, address, date of birth, medical record number, limited treatment data, health insurance information, Social Security number, and/or driver's license number.
While HSHS stated that there is no evidence that the victims' information was utilised in fraud or identity theft activities, it recommended impacted individuals to keep an eye on their account statements and credit reports for suspicious behaviour. The health system also provides free Equifax credit monitoring for one year to anybody harmed by the breach.
New York Blood Centre (NYBC), one of the biggest independent blood collection and distribution organisations in the world, announced that it had to reschedule some appointments due to a ransomware attack, Connecticut healthcare provider Community Health Centre (CHC) informed more than a million patients regarding a data breach last week.
UnitedHealth said earlier this month that the Change Healthcare ransomware assault last year had stolen the data of some 190 million Americans, nearly twice as many as the 100 million that were made public in October.
