Hackers were inside an Iowa hospital’s network for two weeks

Chad Van Alstin | | Health Exec | Cybersecurity
ransomware cybercrime

Photo by Kaur Kristjan via Unsplash

Hackers breached the IT systems of a hospital in Iowa, accessing files and downloading patient records to an offsite location. 

St. Anthony Regional Hospital confirmed the data breach in a statement, saying the facts surrounding the breach, including the the names of patients impacted, are still being investigated. The nature of the cyberattack was not revealed.

The incident happened in August, with cybercriminals first accessing St. Anthony’s network on the 14th. The breach was not discovered until the 26th, and criminals maintained partial access to the hospital’s systems until the 28th, St. Anthony confirmed. 

There was no mention of a system outage, nor any impact to patient care delivery. 

The U.S. Department of Health and Human Services Office for Civil Rights was notified about the breach on Oct. 25. According to their reporting, 501 patients were impacted—however, that number is a placeholder, as St. Anthony has yet to provide an exact count. 

“We are currently undertaking a comprehensive review to determine the information that may have been present in the potentially impacted files and to whom the information relates. Once complete, we will notify potentially affected individuals identified through the review process via written letter,” the hospital said in the statement. 

St. Anthony added that compromised records include protected health information, such as full names, addresses, dates of birth, Social Security numbers, financial information and private medical information such as treatments and diagnoses. 

The hospital is offering legally required identity protection services to those affected. However, St. Anthony said it does not have evidence stolen information was used for fraud. Currently the data is not posted for sale on dark web forums. 

The full data breach notification from St. Anthony can be found here.

Related Articles:

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Boston Children's physician group suffers data breach
Ransomware hit 67% of healthcare organizations this year—more than half paid up
Lehigh Valley Health Network to pay $65M after nudes of patients leaked online
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Report: 84% of healthcare organizations identified a data breach last year
Dental chain involved in ransomware coverup fined $350K
FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web

Around the web

AI in Healthcare
Nat’l Academy of Medicine sets ‘priorities for action’ as healthcare mulls next moves with AI

Given the precarious excitement of the moment—or is it exciting precarity?—policymakers and healthcare leaders must set directives guiding not only what to do with AI but also when to do it. 

Cardiovascular Business
Biden chooses semaglutide for next round of Medicare price negotiations—Trump gets final say

The final list also included diabetes drugs sold by Boehringer Ingelheim and Merck. The first round of drug price negotiations reduced the Medicare prices for 10 popular drugs by up to 79%. 

AI in Healthcare
4 ways HHS plans to help shape a national strategy for healthcare AI

HHS has thought through the ways AI can and should become an integral part of healthcare, human services and public health. Last Friday—possibly just days ahead of seating a new secretary—the agency released a detailed plan for getting there from here.