A crippling cyberattack that knocked out most of the systems and operations at Hospital Sisters Health System (HSHS) in August 2023 impacted the personal information of roughly 883,000 individuals.
The outage started on August 27, 2023, impacting internal systems, communications and internet systems, phones, internal applications, the MyChart and MyPrevea applications, online payments, and HSHS’s website, and lasted for several days.
All 15 HSHS hospitals in Wisconsin and Illinois, as well as Prevea Health clinics, were forced to implement downtime procedures, but continued to provide care to patients.
The investigation into the attack revealed that hackers had access to the non-profit healthcare system’s network between August 16 and August 27, and that they accessed certain files, including files containing personal information.
The potentially compromised information, HSHS says, includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, treatment information, and health insurance information.
HSHS started notifying the potentially affected individuals in October 2023, but in August 2024, one year after the incident, it said it had not yet determined how many people were affected.
In September 2024, it published an open letter saying that it had received reports of patients being targeted in fraud schemes that impersonated HSHS representatives.
This week, the healthcare provider informed the Maine Attorney General’s Office that 882,782 individuals were impacted by the data breach. HSHS is providing the affected individuals with free identity theft protection and credit monitoring services.
Related: 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
Related: Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina
Related: Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
Related: Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare
