Eskenazi data stolen in cyber attack published on dark web – WISH-TV | Indianapolis News | Indiana weather

0

INDIANAPOLIS (WISH) – Some patient and employee data stolen in a cyberattack on Eskenazi Health in May has been released to the dark web, the healthcare provider said in a statement on Friday.

Eskenazi Health said in August that there was no evidence the attack resulted in bank or credit card fraud, but the healthcare provider is now suggesting people check with the rating agencies in the country. credit and get free credit monitoring and identity theft protection.

Eskenazi Health is part of the Health and Hospital Corp. County of Marion, which also includes the Marion County Public Health Department, Indianapolis Emergency Medical Services, and Sidney & Lois Eskenazi Hospital.

The stolen data included medical, financial and demographic information on patients and employees, Eskenazi said. Information published on the dark web may include names, dates of birth, ages, addresses, phone numbers, email addresses, medical record numbers, patient account numbers, diagnoses, clinical information, physician names, insurance information, prescriptions, service dates, driver’s license numbers, passport numbers, face photos, social security numbers, and credit card information.

In the case of deceased patients, this information may also include the causes and dates of death.

Those affected by the data breach will receive letters detailing the specific types of their information involved.

The data breach occurred around May 19. The healthcare provider learned of the breech around Aug. 4 and took its network offline “to protect its information and maintain the safety and integrity of patient care,” a press release said. from Eskenazi Health.

Eskenazi said in late August that he informed the FBI, which was working with the health care provider on his investigation.

Virtru, a data encryption and digital privacy provider, says securing healthcare data is a major challenge. They cite health information exchanges, electronic records, user errors in technology adoption, hackers, cloud and mobile technology, and outdated technology in hospitals as the biggest challenges for them. health care providers.

Eskenazi Health said it was making changes and working to identify areas for improvement.

Press release

Indianapolis, October 1, 2021 – Eskenazi Health has announced that a cyberattack led by cybercriminals and discovered by Eskenazi Health on or around August 4, 2021, resulted in the personal information of some employees and patients, including personal information being compromised. health. Eskenazi Health, a public hospital division of the Marion County Health & Hospital Corporation (HHC), is conducting the investigation on behalf of HHC and its divisions.

The Cyber ​​Attack and Eskenazi Health’s Response

“On or around August 4, 2021, Eskenazi Health’s information security team became aware of suspicious activity on their system. Upon detection of this activity, Eskenazi Health immediately took steps to take its network offline to protect its information and maintain the security and integrity of patient care. Eskenazi Health has a comprehensive clinical information system and has followed its established downtime procedures.

“In accordance with its information security protocols, Eskenazi Health promptly investigated this activity to identify the scope and nature of the attack and determined that sophisticated cybercriminals gained access to its network on or around May 19, 2021,” using a malicious internet protocol address. . Cyber ​​criminals also disabled security protections, making it difficult to detect their activity until they launched the cyber attack.

“Eskenazi Health values ​​its patients, employees and providers and is committed to respecting confidentiality. We quickly engaged an independent forensic team to investigate and contain the incident and to protect against further criminal activity. Eskenazi Health’s forensic team conducted a thorough investigation and helped Eskenazi Health take mitigation measures to ensure that cybercriminals were no longer on its network. Eskenazi Health has also notified the FBI and activated additional security measures to further improve the security of its network. There is no evidence that any files were locked by the cybercriminals, and Eskenazi Health did not pay the cybercriminals a ransom.

“Despite Eskenazi Health’s best efforts, data was stolen from its network by cybercriminals and they posted some of the data on a part of the internet known as the dark web. This data included certain personal and health information of certain patients and employees of HHC. Those affected are discussed below.

“Eskenazi Health is constantly evaluating its security systems and will continue to make the necessary improvements to protect the privacy and security of information on an ongoing basis. Eskenazi Health has been proactive in its efforts to implement policies, procedures and safeguards to prevent data breaches from reoccurring in the future and has worked with its forensic team to identify areas of concern. to improve.

The information concerned

“Through its review of the data, Eskenazi Health determined that some people’s medical, financial and demographic information was obtained by cybercriminals and published on the dark web. Impacted information may include: driver’s license number, passport number, facial photos, social security number, and credit card information. In the case of deceased patients, this information may also include the cause and date of death. Those affected will receive a letter detailing the specific types of their information involved in the incident.

“The information concerned

“Through its review of the data, Eskenazi Health determined that some people’s medical, financial and demographic information was obtained by cybercriminals and published on the dark web. Impacted information may include: driver’s license number, passport number, facial photos, social security number, and credit card information. In the case of deceased patients, this information may also include the cause and date of death. Those affected will receive a letter detailing the specific types of their information involved in the incident.

Affected individuals

“Those affected, or their families, may wish to review the information maintained by each of the credit bureaus and all relevant financial institutions for any suspicious activity. Contact the credit bureaus at the following numbers:

“Equifax 800-525-6285

“· Experiential 888-397-3742

“Trans Union 800-680-7289

“Identity theft protection, including credit monitoring, is available to those affected at no cost to them. Instructions on how to register for the Identity Theft Protection Program will be included in each person’s letter. If Eskenazi Health becomes aware of additional important information, it will make it available through its Incident website, located here: https://www.eskenazihealth.edu/cyber-incident.

“Those with additional questions regarding this incident should contact (855) 896-4446. Be prepared to provide mission number B019316 when speaking with a representative.

About Eskenazi Santé

“For over 160 years, Eskenazi Health has provided high-quality, cost-effective, patient-centered health care in central Indiana. Accredited by the Joint Commission, nationally recognized programs include a Level I Trauma Center, Regional Burn Center, Comprehensive Elderly Care Program, Women and Child Services, Care Programs for adolescents and adolescents, a Lifestyle health and wellness center, a Sandra Eskenazi mental health center, and a network of primary care sites located throughout Indianapolis, known as the Eskenazi Health Center. In partnership with the Regenstrief Institute, Eskenazi Health is leading groundbreaking work that informs health information technology around the world. Eskenazi Health also serves as the sponsoring hospital for Indianapolis emergency medical services. As a public hospital division of the Health & Hospital Corporation of Marion County (HHC), Eskenazi Health partners with Indiana University School of Medicine whose physicians provide a full range of primary and specialty care services. In 2013, Sidney & Lois Eskenazi Hospital opened, offering a new modern and efficient facility and becoming the first LEED® Gold Leadership in Energy and Environmental Design (LEED®) healthcare campus. Eskenazi Health has been named one of Becker’s Hospital Review’s “150 Best Places to Work in Health” for the past four consecutive years. “

Eskenazi Health press release


Source link

Leave A Reply

Your email address will not be published.