Some Eskenazi Health data was compromised in the ransomware attack earlier this month, according to a statement from hospital officials. It was obtained by hackers and posted on the dark web -- something experts say is increasingly common.
Eskenazi Health officials say they did not pay the hackers’ requested ransom, and that the hospital’s security systems were successfully deployed during the attack. The hospital remains functional, and is working with the FBI on an investigation of the attack.
The American Hospital Association’s cybersecurity expert John Riggi says an estimated 30 percent of health care institutions pay the ransom when they are breached by a ransomware attack.
Forensic experts have begun the “painstaking process” of searching the files for patient or employee information, according to a hospital statement. There is no current evidence of bank or credit card fraud.
“However, for now, employees, providers, patients, former patients and vendors should closely monitor bank and credit card statements, as well as other personal information,” the hospital said in a statement.
The cyber event temporarily shut down access to electronic medical records of patients and required the hospital to divert ambulances.
Some online blogs have identified the group “Vice Society” as the hackers who attacked Eskenazi Health. They are reported to be the same group that carried out a cyberattack against a New Zealand health department earlier this year.