Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Hackers Break Into Server at St. Joseph Health System Putting 405,000 at Risk

Attack Exposes 405,000 Individuals at Texas Health Care Provider

Attack Exposes 405,000 Individuals at Texas Health Care Provider

St. Joseph Health System (SJHS), a Bryan, Texas-based not-for-profit health care provider, said on Tuesday that between Dec. 16 and Dec. 18, 2013, the organization experienced a data security attack which exposed patient and employee data stored on server.

According to the provider of health services, attacker(s) hacked into a server and accessed patient and employee data files from St. Joseph Regional Health Center, Burleson St. Joseph Health Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center.

The data accessible to attackers included a combination of names, social security numbers, dates of birth, and possibly addresses, the organization said. For the affected patients, medical information was also accessible, and for some employees, bank account information was exposed.

The attackers appeared to be operating from IP addresses in “China and elsewhere”, the organization said.

“As soon as the incident was discovered, SJHS took the affected server offline and launched a thorough forensics investigation with national security and computer forensics experts,” a statement explained. “The investigation, which is ongoing, confirmed that approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information was accessible to the unauthorized parties.”

“While it is possible that some information was taken, the forensics investigation has been unable to confirm this,” the statement continued. “SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.”

Affected individuals whose information was accessible are receiving notification letters by mail in the coming days providing them information on this incident.

For individuals who may have been affected by the incident, SJHS said it would provide a confidential call center to handle questions related to the breach, along with free identity protection services for one year for affected patients and employees.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...