Eskenazi Health, based in Indianapolis, IN, reported a ransomware attack that was discovered on or about August 4, 2021.
The IT team noticed suspicious activity and promptly deactivated systems to contain the attack. Emergency procedures were put into effect, and hospital staff used pen and paper to log patient information. With no access to critical IT systems, the decision was made to reroute ambulances from Health & Hospital Corporation of Marion County to other facilities.
Eskenazi Health launched an investigation to determine the nature and extent of the attack. According to the forensic investigation results, the hackers had initially accessed its systems on May 19, 2021 and deactivated its security systems so that their access to the network would go unnoticed. The breach was discovered only after the ransomware was deployed and file encryption began.
The forensic investigators confirmed that the attackers had been removed from the network and that the security of its systems had been restored. The preliminary investigation into the incident suggested the attackers did not access or steal patient information. Eskenazi Health stated that it did not pay the ransom and recovered the encrypted data from backup copies.
Eskenazi Health issued an update on October 1, 2021, confirming that the gang responsible for the attack had exfiltrated files containing patient data from its systems. A number of those files were published on a dark web data leak page.
An analysis of the stolen information confirmed that the files included the following data: names, birth dates, addresses, email addresses, phone numbers, ages, medical record numbers, Social Security numbers, passport numbers, driver's license numbers, face photos, patient account numbers, credit card data, diagnoses, doctor names, prescribed medications, dates of service, medical insurance data, and cause/date of death for deceased patients.
Eskenazi Health is sending notification letters to affected persons and is offering free credit monitoring and identity theft protection services. The number of patients affected by the attack is currently uncertain.