The not-for-profit Catholic health system based in Peoria, IL, OSF HealthCare, started sending notifications to 53,907 patients regarding a cyberattack that was identified on April 23, 2021.
OSF HealthCare stated upon awareness of the breach, it took action to avoid continuing unauthorized access and engaged a third-party forensic specialist to do an investigation into the attack to find out the magnitude of the breach. The investigator affirmed the attackers got access to its systems first on March 7, 2021 and possibly had continuing access until April 23, 2021.
OSF HealthCare mentioned the attackers accessed a number of files on its system that were associated with patients of OSF HealthCare Little Company of Mary Medical Center and OSF HealthCare Saint Paul Medical Center. As of August 24, the investigators confirmed that the following types of patient data might have been exposed:
Names, contact details, birth dates, driver’s license numbers, Social Security numbers, state/government ID numbers, treatment data, diagnosis data and codes, physician names, hospital units, dates of service, prescription details, medical record numbers, and Medicare/Medicaid or other health insurance details.
A part of patients additionally had financial account data, credit/debit card details, or credentials for an online financial account compromised.
People who had their Social Security number or driver’s license number was exposed in the attack have been provided complimentary credit monitoring and identity protection services via Experian. OSF HealthCare states it has enforced further safeguards and technical security measures to avoid other attacks.
OSF HealthCare published a substitute breach notice on its website, which did not mention the nature of the cyberattack. But this seems to be a ransomware attack plus information theft that potentially occurred 7 months earlier.
Databreaches.net reports that it was informed about the publication of stolen information on a dark web leak website in June and notified OSF HealthCare concerning the patient data exposure. A ransomware operation recognized as Xing Team professed it was responsible for the cyberattack and uploaded information to its dark web leak site that contained patients’ protected health information. Databreaches.net explained that the site listing was viewed above 350,000 times, according to the site counter.