Top US health provider tells 882,000 patients they were hit in August 2023 breach

healthcare
(Image credit: Shutterstock)

  • Hospital Sisters Health System files new report with the Maine Attorney General
  • It confirmed more than 800,000 affected in an August 2023 breach
  • Compromised people are getting a year's worth of free identity theft monitoring

Hospital Sisters Health System (HSHS), a nonprofit, Catholic healthcare system, suffered a cyberattack one and a half years ago, which resulted in the theft of sensitive patient data.

The firm has now filed a report with the Maine Office of the Attorney General, in which it detailed the attack, noting it discovered an “unauthorized third party” gaining temporary access to its network, on August 27, 2023.

“Upon learning of the situation, we immediately took steps to contain and remediate the incident and launched an internal investigation,” HSHS said in the filing.

Stealing sensitive data

The investigation determined that the unnamed attackers dwelled on HSHS’ network between August 16 and August 27, and during that time exfiltrated sensitive information belonging to exactly 882,782 people.

“We have since been reviewing those files and notifying individuals whose information was found in the files on a rolling basis as our review has continued,” the organization said.

While the type of information stolen varied from person to person, in general it included full names, postal addresses, birth dates, medical record numbers, limited treatment information, health insurance information, Social Security numbers (SSN), and driver’s license numbers.

This is more than enough to engage in highly personalized phishing, identity theft, or even wire fraud. However, HSHS says that at this time it has “no reason to believe” the data has been misused.

Healthcare information is highly sought on the black market because it contains sensitive personal, financial, and medical data that can be exploited for various types of fraud and cybercrimes. Unlike credit card data, which can be quickly canceled, stolen medical records provide long-term value as they include Social Security numbers, insurance details, and medical histories that can be used for identity theft, fraudulent billing, prescription fraud, and even blackmail. Additionally, the resale price of medical records is significantly higher than financial data due to their completeness and difficulty in detection.

That being said, even though there is no evidence of misuse, “out of an abundance of caution”, HSHS offered affected individuals a year’s worth of credit and identity theft monitoring through Equifax.

Via BleepingComputer

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
An abstract image of padlocks overlaying a digital background.
US healthcare giant Ascension says ransomware attack affected nearly six million customers
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
Data breach
Top medical billing firm says data breach hit 360,000 users
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Nintendo Switch 2
Nintendo Switch 2 expected to have AI upscaling and I can't wait to finally play Tears of the Kingdom with upgraded graphics
PowerColor Red Devil AMD RX 9070 XT graphics card shown side-on
Your next GPU could be from AMD, not Nvidia, if Team Red’s success with PC gamers continues
Intel Lunar Lake concept
Intel's Panther Lake processors won't arrive until Q1 2026 - corroborates previous delay rumors despite former Intel CEO's promise of 2025 launch