AP reports:
Officials at a St. Louis health center that serves needy, uninsured residents says a cyber-attack has caused a data breach that potentially affected 152,000 people.
The Betty Jean Kerr People’s Health Center said Friday that the attack involved patient information such as addresses and social security numbers, but no patient medical records. Information on medical providers and health center employees also was breached.
Read more on 5OnYourSide.
The attack occurred on September 2, and was discovered on September 3. The center did not pay the demanded ransom, but even with the help of an IT firm, they could not unlock the files. They write:
Although we have no way of knowing whether the information that has been locked in our system has actually been viewed or accessed by this foreign actor, based on our investigation with the help of the IT firm, we believe the following information may have been breached:
1. Information about our patients from the years 2011 through September 2, 2019 may have been affected. We have determined that the data involved may have included patient names, dates of birth, addresses, social security numbers, limited clinical data, pharmacy data, insurance information and dental x-rays.
2. Information about health care providers who sought to be credentialed by People’s from the years 2010 through September 2, 2019 may have been affected. We have determined that the data relating to health care providers may have included names, addresses and social security numbers.
3. Employee information from the years 2012 through September 2, 2019 may also have been affected. We have determined that the data involved relating to employees may have included names, addresses and social security numbers.
The center’s full statement is below. It does not indicate whether the center had a usable backup or if they have just lost data that they couldn’t unlock. DataBreaches.net has sent them a contact inquiry and will update this post if more information becomes available.
BettyJeanKerr_notice