Hackers were inside an Iowa hospital’s network for two weeks

Chad Van Alstin | | Health Exec | Cybersecurity
ransomware cybercrime

Photo by Kaur Kristjan via Unsplash

Hackers breached the IT systems of a hospital in Iowa, accessing files and downloading patient records to an offsite location. 

St. Anthony Regional Hospital confirmed the data breach in a statement, saying the facts surrounding the breach, including the the names of patients impacted, are still being investigated. The nature of the cyberattack was not revealed.

The incident happened in August, with cybercriminals first accessing St. Anthony’s network on the 14th. The breach was not discovered until the 26th, and criminals maintained partial access to the hospital’s systems until the 28th, St. Anthony confirmed. 

There was no mention of a system outage, nor any impact to patient care delivery. 

The U.S. Department of Health and Human Services Office for Civil Rights was notified about the breach on Oct. 25. According to their reporting, 501 patients were impacted—however, that number is a placeholder, as St. Anthony has yet to provide an exact count. 

“We are currently undertaking a comprehensive review to determine the information that may have been present in the potentially impacted files and to whom the information relates. Once complete, we will notify potentially affected individuals identified through the review process via written letter,” the hospital said in the statement. 

St. Anthony added that compromised records include protected health information, such as full names, addresses, dates of birth, Social Security numbers, financial information and private medical information such as treatments and diagnoses. 

The hospital is offering legally required identity protection services to those affected. However, St. Anthony said it does not have evidence stolen information was used for fraud. Currently the data is not posted for sale on dark web forums. 

The full data breach notification from St. Anthony can be found here.

Related Articles:

Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
Boston Children's physician group suffers data breach
Ransomware hit 67% of healthcare organizations this year—more than half paid up
Lehigh Valley Health Network to pay $65M after nudes of patients leaked online
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Cryo-frozen tissue manufacturer suffers cyberattack
First surgical device of its kind granted key FDA exemption

Around the web

Cardiovascular Business
FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare
From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Cardiovascular Business
Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.