DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update on Eskenazi Health Cyber Incident

Posted on August 24, 2021 by Dissent

Eskenazi has issued an updated notice about their security incident. They talk about “if they find” PII or PHI, but the reality is that this site already saw and reported that there was such information in the data dumped by Vice Society. From this site’s perspective, the only question is how many employees and patients does Eskenazi need to notify and what types of information were compromised for each individual.  Then, too, let’s see if Eskenazi actually tells patients that their data was not only exfiltrated but dumped on the dark web where anyone can download it for free.

August 24:

Eskenazi Health experienced a cyber event on August 4. We have prepared for events such as this and we quickly acted in accordance with our information security protocols to maintain the safety and integrity of our patient care. The health system is open and operating with patient procedures and appointments underway. Our treatment of COVID-19 patients and our vaccination efforts are unaffected. We continue to conduct a thorough forensic evaluation of our systems.

Through our investigation, we have learned that some data that we maintain was obtained by bad actors and released online. Our forensic experts are monitoring for this, we have identified files that the hackers obtained, and we have begun the painstaking process of examining those files for any personal patient or employee information. If we find such information, we will notify the affected individuals in accordance with law and offer identity protection and credit monitoring services.

There is no evidence that any of our files were ever encrypted and we will not make any payment to the bad actors. Our system worked as it should and the quick action by staff, in accordance with our information security protocols, enabled us to maintain the safety and integrity of our patient care.

At this time, there is no evidence that this incident has resulted in bank or credit card fraud. However, for now, employees, providers, patients, former patients and vendors should closely monitor bank and credit card statements, as well as other personal information, and report any suspicious activity to authorities and financial institutions. We encourage these individuals to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. Individuals can also freeze, and unfreeze, their credit through the credit bureaus. In some cases, this is as easy as a button on their app. The credit bureaus can be reached through the following phone numbers:

  • Equifax: 800.525.6285
  • Experian: 888.397.3742
  • Trans Union: 800.680.7289

We have notified the FBI regarding this event and are working with them on their investigation.

Thank you.

Category: Health DataMalware

Post navigation

← Pysa threat actors’ script shows exactly the files they’re after
A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.