The St Joseph’s/Candler (SJ/C) health care provider in Georgia has warned a hacker may have accessed patient and employees’ information.
The details at risk include name, address, date of birth, social security number, driver’s licence number, patient account number, billing account number, financial information, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information about the care received.
SJ/C, which runs two hospitals plus a range of support services at 114 locations, says it identified suspicious activity in its IT network on 17 June.
“[We] immediately took steps to isolate and secure [our] systems, notified law enforcement, and launched an investigation with the assistance of cyber security firms,” it added.
SJ/C’s own investigation determined someone gained access to the IT network between 18 December last year and 17 June.
“While in our IT network, the unauthorised party launched a ransomware attack that made files on our systems inaccessible,” the health care provider said.
It is now posting letters to individuals whose information may have been compromised in the incident, has established a dedicated call centre for them and is offering them complimentary credit monitoring and identity protection services.
“We deeply regret any concern or inconvenience this incident may cause our patients,” said SJ/C.
“To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems.”