Savannah, Ga.-based St. Joseph's/Candler began notifying patients and employees Aug. 10 that their personal information was exposed by an unauthorized third party between December 2020 and June 2021.
After discovering "suspicious network activity" June 17, St. Joseph's/Candler shut down its IT systems and switched to backup operation methods including paper documentation to limit the potential effects of a ransomware attack.
The health system launched an investigation into the attack, which found that a hacker gained access to the IT network between Dec. 18, 2020, and June 17, 2021. While in St. Joseph/Candler's network, the unauthorized individual launched the ransomware attack that made files on the health system's IT systems inaccessible, according to the Aug. 10 notice.
Patient and co-worker information exposed by the incident included names, Social Security numbers, addresses, patient account numbers, financial details and health insurance plan member ID numbers.
The health system said it has updated its technical security measures for monitoring its IT systems and also is offering free credit monitoring services.