Hackers published the files, which amount to at least tens of thousands, to a blog on the dark web and exposed patient information including names, addresses, birthdates and medical diagnoses.
The files from Doral, Fla.-based Leon Medical Centers and Nocona (Texas) General Hospital also included thousands of scanned diagnostic results and letters to insurers, according to the report. In January, Leon Medical Centers disclosed its computer systems had been infected with malware in November 2020; hackers were able to access patients’ PHI as a result of the incident.
In an emailed statement to NBC News, a Leon Medical Center spokesperson said, “We are working diligently with third-party forensic experts to complete an investigation into the matter. As soon as possible, we will provide direct notifications to any affected individuals.”
Nocona General Hospital’s computer systems do not appear to have been affected by ransomware, the hospital’s attorney, Brian Jackson, told the network.
“I can’t tell you with absolute certainty that they did not send a ransom demand,” he said. “I can tell you we did not open one.”
More articles on cybersecurity:
FDA names 1st medical device cybersecurity director
The new wave of hacking attempts hitting hospitals: 6 things to know
6 vulnerability points hackers target in hospital cyberattacks