An Indiana hospital recently announced that it suffered a healthcare ransomware attack that potentially affected 1.5 million patients. Eskenazi Health began notifying affected individuals on Nov 11, 2021 of the incident after concluding their investigation.

What Do We Know About the Healthcare Ransomware Attack?

Healthcare Ransomware Attack

According to a press release published by Eskenazi Health, their security team became aware of suspicious activity on the hospital’s system on August 4, 2021, and promptly took the network offline. However, upon further investigation into the healthcare ransomware attack, it was discovered that the network had been compromised since May 19, 2021. 

The incident enabled threat actors to steal patient protected health information (PHI) and sensitive employee data, some of which was posted on the dark web.

In a press release announcing the incident the hospital stated, “Eskenazi Health values its patients, employees and providers and is committed to privacy. We quickly engaged an independent forensic team to investigate and contain the incident and to protect against further criminal activity. Eskenazi Health’s forensic team conducted an extensive investigation and assisted Eskenazi Health with mitigation steps to ensure the cyber criminals were no longer on its network. Eskenazi Health also notified the FBI and enabled additional security measures to further enhance its network security. There is no evidence that any files were ever locked by the cyber criminals, and Eskenazi Health did not make a ransom payment to the cyber criminals.”

Let’s Simplify Compliance

HIPAA compliance and cybersecurity go hand-in-hand. Protect your business by becoming HIPAA compliant today!

Learn More!
HIPAA Seal of Compliance

PHI potentially accessed during the healthcare ransomware attack included names, dates of birth, ages, addresses, telephone numbers, email addresses, medical record numbers, patient account numbers, diagnoses, clinical information, physician names, insurance information, prescriptions, dates of service, driver’s license numbers, passport numbers, facial photos, Social Security numbers, and credit card information.

Although not all patients were affected by the incident, Eskenazi Health thought it best to notify the 1,515,918 patients that it had treated recently of the incident. Patients that had their information posted on the dark web have been sent separate breach notification letters to inform them of such. They have also offered complimentary identity theft and credit moni