Attack Exposes 405,000 Individuals at Texas Health Care Provider
St. Joseph Health System (SJHS), a Bryan, Texas-based not-for-profit health care provider, said on Tuesday that between Dec. 16 and Dec. 18, 2013, the organization experienced a data security attack which exposed patient and employee data stored on server.
According to the provider of health services, attacker(s) hacked into a server and accessed patient and employee data files from St. Joseph Regional Health Center, Burleson St. Joseph Health Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center.
The data accessible to attackers included a combination of names, social security numbers, dates of birth, and possibly addresses, the organization said. For the affected patients, medical information was also accessible, and for some employees, bank account information was exposed.
The attackers appeared to be operating from IP addresses in “China and elsewhere”, the organization said.
“As soon as the incident was discovered, SJHS took the affected server offline and launched a thorough forensics investigation with national security and computer forensics experts,” a statement explained. “The investigation, which is ongoing, confirmed that approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information was accessible to the unauthorized parties.”
“While it is possible that some information was taken, the forensics investigation has been unable to confirm this,” the statement continued. “SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.”
Affected individuals whose information was accessible are receiving notification letters by mail in the coming days providing them information on this incident.
For individuals who may have been affected by the incident, SJHS said it would provide a confidential call center to handle questions related to the breach, along with free identity protection services for one year for affected patients and employees.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
