Sturdy Memorial Hospital began notifying patients May 28 that some of their protected health information had been stolen by hackers, prompting the Attleboro, Mass.-based hospital to pay a ransom to stop the data from being redistributed.
"In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed," the hospital said in a May 28 online statement.
Sturdy Memorial Hospital discovered that an unauthorized party gained access to some of its IT systems Feb. 9; while the hospital secured its network and paid the ransom later that day, it discovered in April that certain PHI belonging to patients was contained in the files exposed by hackers. The information involved in the breach included patient names, Social Security numbers, financial account numbers, routing numbers and/or bank names, credit card numbers, prescription data and health insurance details.
Sturdy Memorial Hospital's EHR was not involved in the incident, according to the online notice.
After an analysis, the hospital determined that some information associated with patients of other providers with which Sturdy previously partnered was involved in the incident. These providers include Harbor Medical Associates, South Shore Medical Center and providers affiliated with South Shore Physician Hospital Organization.
Sturdy Memorial Hospital is offering free credit monitoring and identity protection services for individuals whose Social Security numbers and/or driver's license numbers were exposed.