April 29, 2021 – St. John’s Well Child and Family Center (“St. John’s”) has learned of a data security incident that involved personal or health information belonging to certain current and former patients. On April 29, 2021, St. John’s notified potentially-affected patients of the incident.
On February 3, 2021, St. John’s experienced a data security incident that disrupted access to certain systems. Upon discovering this, St. John’s took steps to secure its network and launched an investigation with the assistance of cybersecurity experts to determine what happened and
whether sensitive information may have been affected. The investigation subsequently revealed that certain personal or health information may have been accessed or acquired without authorization during the incident. On or about March 25, 2021, St. John’s completed a comprehensive review which identified certain patients as potentially affected, and took steps to issue notifications. This information included names, dates of birth, gender, contact information, patient and person identification numbers, medical treatment or diagnostic information, and/or insurance information, and in one case, a Social Security number.
Read the complete notification on their web site.
And while this sounds like a malware/ransomware attack, they do not actually say that it is one.