- Hospital Sisters Health System archives New Report at Maine Attorney General
- It confirmed more than 800,000 affected in a breach of August 2023
- Compromed people get one year’s value of free identity theft monitoring
Hospital Sisters Health System (HSHS), a nonprofit, Catholic health care, suffered a cyberattack a year and a half ago, resulting in theft of sensitive patient data.
The company has now submitted a report to the Maine Office of the Attorney General, where the detailed attack, noting that it discovered an “unauthorized third party” that gained temporary access to his network, August 27, 2023.
“After learning from the situation, we immediately took steps to contain and remedy the incident and launched an internal investigation,” HSHS said in the archiving.
Stealing sensitive data
The study determined that the named attackers lived on HSHS ‘network between August 16 and August 27, and during that time, Exfiltrated Sensitive Information belonged to exactly 882,782 people.
“We have since reviewed these files and notified people whose information was found in the files in a rolling basis as our review has continued,” the organization said.
While the type of stolen information varied from person to person, it generally included full names, postal addresses, birth dates, medical registration numbers, limited processing information, health insurance information, social security number (SSN) and driver’s license numbers.
This is more than enough to engage in very personal phishing, identity theft or even thread fraud. However, HSHS says that at this point it has “no reason to believe” the data has been abused.
Healthcare information is in great demand in the black market because it contains sensitive personal, financial and medical data that can be utilized for different types of fraud and cybercrime. Unlike credit card data that can be canceled quickly, stolen medical items provide long -term value as they include social security number, insurance details and medical stories that can be used for identity theft, fraudulent billing, prescription fraud and even extortion. In addition, the resale price of medical items is significantly higher than financial data due to their completeness and difficulty in detection.
That said, even though there is no sign of abuse, “out of an abundance of caution,” HSH’s affected persons offered a year’s value of credit and identity theft surveillance through Equifax.
Via Bleeping computer
