Attackers gained access to St. Joseph’s/Candler network in December last year
The medical and financial data of 1.4 million people was potentially exposed earlier this year in the latest ransomware attack to hit a major US healthcare provider.
St. Joseph’s/Candler (SJ/C), the largest healthcare network in Savannah, Georgia, says in a statement that it first detected the breach on June 17.
After it isolated its systems, an investigation carried out with the help of external security firms found that the attackers had originally gained access on December 20 last year.
“While in our IT network, the unauthorized party launched a ransomware attack that made files on our systems inaccessible,” it says.
“The investigation further determined that the unauthorized party may have accessed files that contain information pertaining to SJ/C patients.”
As a result, approximately 1.4 million US residents are now being informed of a potential data breach, as indicated in the US Department of Health and Human Services’ breach portal.
The data concerned includes patient names along with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, and financial information.
It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C.
An SJ/C spokesperson would not confirm whether a ransom was paid. However, after having temporarily resorted to using paper records, SJ/C was able to restore its IT systems to “fully operational” this week.
It is now contacting all the patients involved and is offering them free credit monitoring and identity protection services.
New security safeguards
The healthcare provider also says it’s notified law enforcement alongside moves to secure its systems.
“To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems,” it says.
The breach is just one of the latest in a rising number of ransomware attacks on healthcare organizations, with Sophos reporting in May that more than one in three experienced an attack last year (PDF).
Fewer than 30% of healthcare organizations were able to stop the attack before their data was encrypted.
And, says Sophos, healthcare organizations were less able to restore data from backups than almost any other sector: only 44% could do so, compared with 57% overall.