Christmas ransomware exposed over 300K patient records to dark web
Last Christmas, Anna Jaques Hospital in Massachusetts suffered a ransomware attack. Now, nearly a year later, it has concluded its investigation.
According to a statement dated Dec. 5, over 300,000 patients had their data taken by hackers and put on the dark web for sale. Sensitive information exposed includes health insurance information, Social Security numbers, names, addresses, driver’s license numbers, financial data, and medical information contained in the hospital’s electronic health record.
Cybercrime cell Money Message took credit for the attack, holding Anna Jaques’s data for an undisclosed ransom in January 2024. The extortion was unsuccessful and data stolen by hackers was posted for sale by Money Message on a dark web forum.
The hospital did not say if it paid any ransom. It did confirm that the 316,342 patients known to be impacted by the data breach have been notified.
Despite the personal and private nature of the stolen data, Anna Jaques said it has “no evidence that any of your information has been misused for identity theft or financial fraud as a direct result of this incident.” It also said it worked with a third-party cybersecurity firm to conduct its investigation.
When it noticed hackers had accessed its network “on or about December 25, 2023,” the hospital said it “commenced an immediate and thorough investigation, contained the network, and alerted law enforcement.”
Despite the partial shutdown of its network, hackers were able to move data to an offsite location. Anna Jaques said it initially notified the public about the breach through a statement on its website dated January 24, 2024.
Anna Jaques is a not-for-profit community hospital with 83 beds and 200 physicians, serving Massachusetts and southern New Hampshire. According to its website, it employs 200 physicians.
Anna Jaques is part of Beth Israel Lahey Health network of 100 medical clinics and 14 hospitals. It employs more than 4,700 physicians and 39,000 staff.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.