Saint Francis Health System denies ransom demand for 6k patients' data

Tulsa, Okla.-based Saint Francis Health System is opting not to pay a ransom demand to protect information of 6,000 patients obtained by a hacker, because paying doesn't guarantee the data won't be disclosed, Tulsa World reports.

DataBreaches.net reports the hackers initially asked for 24 bitcoin, which the site reports is equivalent to about $14,400.

"The health system understands the importance of protecting our patients' information and deeply regrets that this occurred," reads a statement from the hospital. "Saint Francis has been working with a leading forensics firm to investigate this incident and look for ways to enhance our existing security measures."

According to reports, the system was notified of the breach due to unauthorized access of an external server on Sept. 7. A hospital spokesperson said the compromised data is limited to 6,000 patient names and addresses. The health system is sending notification letters to individuals who may be impacted and providing identity monitoring services.

Initially, someone using the moniker TheDarkOverlord, a hacker or hacking collective responsible for numerous significant hospital data breaches of late, claimed responsibility for the Saint Francis cyberattack, according to DataBreaches.net. However, in subsequent reports, the authenticity of the bad actors that used TheDarkOverlord's name to take credit has been called into question. Sources within the hacking community told DataBreaches.net TheDarkOverlord is in fact not responsible for the Saint Francis Health System breach. 

More articles on data breaches:
Will "digital fingerprint" forensics thwart the data thieves lurking in hospital EHR corridors?
Opinion: How network surveillance can stop hospital hackers
Why cyberattacks aren't harming hospital finances

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months