Ransomware Attacks Affect Sturdy Memorial Hospital and UF Health

Attleboro, MA-based Sturdy Memorial Hospital is notifying 57,379 patients regarding a computer security incident that happened on February 9, 2021 whereby patient data was compromised. In accordance with the breach notice issued by the hospital, an unauthorized individual acquired access to its systems however the hospital secured its networks on the same day.

The unauthorized person asked for a ransom payment to stop the publicity/sale of information stolen in the attack. The hospital decided to pay the ransom and obtain guarantees that all stolen data would be entirely destroyed and wouldn’t be further shared. It is not clear whether or not this was just a data theft case or whether ransomware was applied during the attack.

Third-party computer forensics specialists were engaged in investigating the breach, and an analysis was performed to figure out what patient information was compromised. The assessment was done on April 21, 2021 and all affected people started receiving notifications on May 28, 2021.

Sturdy Memorial Hospital stated that besides its own patients, a few patient data from other healthcare organization partners – Harbor Medical Associates, South Shore Medical Center, and providers associated with South Shore Physician Hospital Organization – was likewise exposed.

The compromised patient information varied from one patient to another and may have involved one or more of the following data elements: Name, date of birth, address, phone number, Social Security number, driver’s license number, other government ID number, bank name, financial account number, routing number, credit card number and security code, Medicare Health Insurance Claim numbers, health history data, treatment or diagnosis details, procedure or diagnosis codes, prescription data, provider name, Medicare/Medicaid number, medical record number, medical insurance data, and treatment cost details. Sturdy Memorial Hospital stated that the attack did not impact its electronic health record system.

Complimentary credit monitoring and identity protection services are being provided to persons who had their driver’s license number or Social Security number breached in the attack. More safeguards and technical security measures were already carried out at Sturdy Memorial Hospital to better secure and keep track of its IT systems.

Villages and Leesburg Hospitals Impacted by UF Health Ransomware Attack

University of Florida Health (UF Health) was pressured to take up downtime processes after a ransomware attack on May 31, 2021. Employees used pen and paper to document patient information as computer systems and email were not accessible due to the attack.

The attack impacted The Villages and Leesburg Hospitals. UF Health Central Florida identified the attack on the evening of May 31 upon detecting strange activity on its computer servers. The attack does not seem to have affected the Gainesville and Jacksonville campuses.

The attack is being looked into and work is underway to make certain that computer systems and information are secured. All UF Health locations continue to provide medical services and patient security was not impacted. It is presently unclear if the attackers stole patient information prior to the usage of ransomware to encrypt data.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA