Exploit: Ransomware
St. Joseph’s/Candler(SJ/C): Health System
Risk to Business: 1.673=Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and per recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.
Individual Risk: 1.811=Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.
Customers Impacted: 100 million
How It Could Affect Your Customers’ Business It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.
Source: Portswigger