Hackers were inside an Iowa hospital’s network for two weeks

Hackers breached the IT systems of a hospital in Iowa, accessing files and downloading patient records to an offsite location. 

St. Anthony Regional Hospital confirmed the data breach in a statement, saying the facts surrounding the breach, including the the names of patients impacted, are still being investigated. The nature of the cyberattack was not revealed.

The incident happened in August, with cybercriminals first accessing St. Anthony’s network on the 14th. The breach was not discovered until the 26th, and criminals maintained partial access to the hospital’s systems until the 28th, St. Anthony confirmed. 

There was no mention of a system outage, nor any impact to patient care delivery. 

The U.S. Department of Health and Human Services Office for Civil Rights was notified about the breach on Oct. 25. According to their reporting, 501 patients were impacted—however, that number is a placeholder, as St. Anthony has yet to provide an exact count. 

“We are currently undertaking a comprehensive review to determine the information that may have been present in the potentially impacted files and to whom the information relates. Once complete, we will notify potentially affected individuals identified through the review process via written letter,” the hospital said in the statement. 

St. Anthony added that compromised records include protected health information, such as full names, addresses, dates of birth, Social Security numbers, financial information and private medical information such as treatments and diagnoses. 

The hospital is offering legally required identity protection services to those affected. However, St. Anthony said it does not have evidence stolen information was used for fraud. Currently the data is not posted for sale on dark web forums. 

The full data breach notification from St. Anthony can be found here.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup