INDIANAPOLIS – Eskenazi Health issued a notice on Friday afternoon detailing a cyberattack that occurred “on or around August 4, 2021” that resulted in the compromise of personal information belonging to employees and patients, including information about health.
Once unusual activity was detected on their system, Eskenazi Health’s information security team took the network offline to protect information and maintain the integrity of their patients. They investigated the activity to identify the scope and nature of the attack, determining that “sophisticated cybercriminals” had gained access to their network on May 19 using a “malicious Internet Protocol address”. Cybercriminals had disabled security protections, making it harder to detect their presence until the attack.
“Eskenazi Health values its patients, employees and providers and is committed to respecting confidentiality,” they wrote in a press release. “Eskenazi Health’s forensic team conducted a thorough investigation and helped Eskenazi Health take mitigation measures to ensure that cybercriminals were no longer on its network. Eskenazi Health has also notified the FBI and activated additional security measures to further improve the security of its network. “
Despite their efforts, data was stolen from its network, and some of that data was published on the dark web, which is a part of the Internet accessible only by certain software. By examining the data, they determined that some people’s medical, financial and demographic information had been obtained by cybercriminals and published on the dark web. Information may include: name, date of birth, age, address, phone number, email addresses, medical record number, patient account number, diagnosis, clinical information, physician name, insurance information, prescriptions, date (s) of service, license number, passport number, facial photos, social security number and any credit card information. In the case of deceased patients, it could also include the cause and date of death.
Those affected will receive a letter from Eskenazi Health detailing what specific types of their information was involved in the cyber attack.
Those affected may want to review the information kept by each of the credit bureaus and all
According to the statement, protection against identity theft, including credit monitoring, is available to those affected at no cost to them. Instructions on how to register for the program will be included in their letter, and if Eskenazi sees additional information, it will be posted on their website.
Those with additional questions regarding this incident should contact (855) 896-4446. It was noted that individuals should be prepared to provide mission number B019316 when speaking with a representative.
Suggest a correction