Hackers were inside an Iowa hospital’s network for two weeks

Hackers breached the IT systems of a hospital in Iowa, accessing files and downloading patient records to an offsite location. 

St. Anthony Regional Hospital confirmed the data breach in a statement, saying the facts surrounding the breach, including the the names of patients impacted, are still being investigated. The nature of the cyberattack was not revealed.

The incident happened in August, with cybercriminals first accessing St. Anthony’s network on the 14th. The breach was not discovered until the 26th, and criminals maintained partial access to the hospital’s systems until the 28th, St. Anthony confirmed. 

There was no mention of a system outage, nor any impact to patient care delivery. 

The U.S. Department of Health and Human Services Office for Civil Rights was notified about the breach on Oct. 25. According to their reporting, 501 patients were impacted—however, that number is a placeholder, as St. Anthony has yet to provide an exact count. 

“We are currently undertaking a comprehensive review to determine the information that may have been present in the potentially impacted files and to whom the information relates. Once complete, we will notify potentially affected individuals identified through the review process via written letter,” the hospital said in the statement. 

St. Anthony added that compromised records include protected health information, such as full names, addresses, dates of birth, Social Security numbers, financial information and private medical information such as treatments and diagnoses. 

The hospital is offering legally required identity protection services to those affected. However, St. Anthony said it does not have evidence stolen information was used for fraud. Currently the data is not posted for sale on dark web forums. 

The full data breach notification from St. Anthony can be found here.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

Trimed Popup
Trimed Popup