Hackers were inside an Iowa hospital’s network for two weeks
Hackers breached the IT systems of a hospital in Iowa, accessing files and downloading patient records to an offsite location.
St. Anthony Regional Hospital confirmed the data breach in a statement, saying the facts surrounding the breach, including the the names of patients impacted, are still being investigated. The nature of the cyberattack was not revealed.
The incident happened in August, with cybercriminals first accessing St. Anthony’s network on the 14th. The breach was not discovered until the 26th, and criminals maintained partial access to the hospital’s systems until the 28th, St. Anthony confirmed.
There was no mention of a system outage, nor any impact to patient care delivery.
The U.S. Department of Health and Human Services Office for Civil Rights was notified about the breach on Oct. 25. According to their reporting, 501 patients were impacted—however, that number is a placeholder, as St. Anthony has yet to provide an exact count.
“We are currently undertaking a comprehensive review to determine the information that may have been present in the potentially impacted files and to whom the information relates. Once complete, we will notify potentially affected individuals identified through the review process via written letter,” the hospital said in the statement.
St. Anthony added that compromised records include protected health information, such as full names, addresses, dates of birth, Social Security numbers, financial information and private medical information such as treatments and diagnoses.
The hospital is offering legally required identity protection services to those affected. However, St. Anthony said it does not have evidence stolen information was used for fraud. Currently the data is not posted for sale on dark web forums.
The full data breach notification from St. Anthony can be found here.