Indianapolis-based Eskenazi Health began notifying patients and employees Oct. 1 that their protected health information was exposed earlier this year after a ransomware attack on the hospital.
Six things to know:
1. Eskenazi Health shut down its computer network Aug. 4 and put its emergency department on diversion "out of an abundance of caution" and to preserve the safety of patient care.
2. The hospital remained on diversion and postponed some elective procedures for a few days after the attack before opening back up to full operations later in August, The Indy Star reported Aug. 24.
3. In an Oct. 1 notice on its website, Eskenazi Health said it discovered that cyber criminals accessed its network on or about May 19 using a malicious internet protocol address. Once they infiltrated the network, the hackers disabled security protections, which made it difficult for the hospital to detect their activity until they launched the cyberattack.
4. Eskenazi Health said there is no evidence that the hackers locked any of its data files, and it did not pay a ransom.
5. The hackers did steal Eskenazi Health patient and employee data and posted some of the information on the dark web. This data included names, birthdates, Social Security numbers, medical record numbers and insurance information.
6. Eskenazi Health is offering free identity theft and credit monitoring services to individuals affected by the incident.