Eskenazi Health Foundation Suffers Ransomware Attack

Eskenazi Health Foundation, a key division of the Health & Hospital Corporation of Marion County, recently fell victim to a ransomware attack by the group known as vicesociety. This cyberattack, which took place on August 4, 2021, led to the unauthorized access of personal and health information of certain employees and patients. With 1,515,918 individuals affected, it stands as the most significant healthcare data breach reported in the year 2021.

The Impact of the Attack

Eskenazi Health has long been dedicated to providing comprehensive healthcare services to all individuals, emphasizing accessibility and compassionate care. This commitment, however, also makes it an attractive target for cybercriminals looking to exploit vulnerabilities within the healthcare industry.

The cyberattackers managed to infiltrate Eskenazi Health's network by employing IP spoofing techniques on May 19, 2021. They successfully bypassed the hospital's security measures, rendering the detection of any malicious activity challenging. The breach remained undetected until August 4, 2021, when the IT department noticed unusual activity on their network. In response, the hospital swiftly took its network offline and resorted to manual record-keeping, which disrupted access to electronic health records for nearly a week.

Following the discovery of the breach, Eskenazi Health took immediate action to notify affected patients and employees by October 1, 2021. The notification confirmed the ransomware attack and outlined the steps taken by the hospital to address the breach. Affected individuals were provided with information regarding the breach and the personal and health information (PII/PHI) involved, along with offers for credit monitoring and identity theft protection services.

Response and Commitment to Security

In the aftermath of the attack, Eskenazi Health has reaffirmed its dedication to maintaining the privacy and security of its patients and employees. The hospital has since reviewed and enhanced its security protocols, policies, and procedures to fortify its defenses against potential future data breaches. Collaborating closely with forensic experts, Eskenazi Health has identified and addressed vulnerabilities within its network to prevent similar incidents.

This incident underscores the critical need for robust cybersecurity measures within the healthcare sector, highlighting the risks posed to sensitive patient information by cybercriminal activities.

Sources

• Eskenazi Health Foundation. (n.d.). Home - Eskenazi Health Foundation.
• HIPAA Journal. (2021, October 7). Eskenazi Health Confirms Patient Data Was Stolen in August Ransomware Attack.
• DataBreaches.net. (2021, November 17). Update: Eskenazi patients receive letter in the mail alerting them of cyber security breach 6 months ago.
• IndyStar. (2021, August 9). Eskenazi Health still on diversion days after ransomware attack.
• Paubox. (2021, December 10). Eskenazi Health notifies patients of data breach.
• Eskenazi Health. (2021, October 1). Eskenazi Health Provides Notice to Patients and Employees of a Data Breach.