Ransomware Attacks Impact UF Health and Sturdy Memorial Hospital

by | Jun 8, 2021 | Compliance News

Sturdy Memorial Hospital based in Attleboro, MA is informing 57,379 patients concerning a computer security breach that transpired on February 9, 2021 during which patient data was thieved. As per the breach notice released by the hospital, an unauthorized individual obtained access to its systems nevertheless the hospital secured its networks eventually that day.

The unauthorized person required a ransom payment to avert the disclosure/selling of information stolen during the cyberattack. The hospital had taken the decision to pay the ransom demand and got promises that all stolen data will be completely deleted and will not be further exposed. It is uncertain if this was merely an information theft occurrence or whether ransomware was employed with the attack.

Third-party computer forensics professionals were involved in checking out the breach, and an assessment was carried out to find out what patient information was exposed. The analysis was concluded on April 21, 2021 and all affected people began getting notification letters on May 28, 2021.

Sturdy Memorial Hospital mentioned that aside from its own patients, a number of patient data from other healthcare company partners – South Shore Medical Center Harbor Medical Associates, and providers connected with South Shore Physician Hospital Organization – was at the same time compromised.

The exposed patient data differed from person to person and might have contained at least one of these data elements: Name, birth date, address, telephone number, driver’s license number, Social Security number, other government ID number, bank name,
routing number, financial account number, credit card number and security code, Medicare Health Insurance Claim numbers, health background information, treatment or diagnosis data, procedure or diagnosis codes, prescription details, provider name, Medicare/Medicaid number, medical record number, medical insurance details, and treatment cost data. Sturdy Memorial Hospital reported that the attack didn’t affect its electronic health record system.

Free credit monitoring and identity protection services are being made available to persons who had their driver’s license number or Social Security number exposed in the attack. Extra safeguards and technical protective measures were already put in place at Sturdy Memorial Hospital to better safeguard and check its IT systems.

Villages and Leesburg Hospitals Affected by UF Health Ransomware Attack

University of Florida Health (UF Health) was compelled to undertake downtime measures subsequent to a ransomware attack on May 31, 2021. Workers employed pen and paper to log patient data since computer systems and email weren’t available because of the attack.

The attack impacted The Villages and Leesburg Hospitals. UF Health Central Florida discovered the attack on the night of May 31 upon noticing abnormal activity on its computer systems. The attack doesn’t seem to have affected the Jacksonville And Gainesville campuses.

The attack is being inspected and attempts are ongoing to make sure that systems and data files are safe. All UF Health hospitals still offer healthcare services and patient protection was not impacted. It is at this time uncertain if the attackers took patient information before using ransomware to encrypt data files.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy

Categories