According to the reports of Saint Francis Health System, unauthorised access to their server was detected on the 7th September 2016. During the data security breach, the perpetrators managed to obtain sensitive personal data like patient information.
Sevan Roberts, Saint Francis spokesman, said the perpetrators anonymously demanded a ransom to recover the stolen information. He added that after working with forensic investigators, additional conclusions have been drawn. For example, they managed to determine that the perpetrators stole a list containing up to 6000 names and addresses. Luckily, information such as driver’s licenses and Social Security numbers were not included on the list.
After that, the hospital disabled the server until further notice. They thoroughly discussed the situation with law enforcement. Their stance to date has been to not comply with the perpetrators’ demands, which means they are refusing to pay the ransom.
The Saint Francis media statement mentioned they decided not to comply with the demands because doing so would still not guarantee the data being secure from disclosure. The report went on to say they regret that such a thing had occurred, and that they place a great deal of importance on protecting the personal information of their patients.
Their patients have already been alerted of the breach through notification letters sent by the hospital. Every potentially affected patient has received one. The hospital is also working with the federal authorities and will be providing complimentary participation in identity monitoring services.