1.4 Million People Impacted by St. Joseph’s/Candler Ransomware Attack

St. Joseph’s/Candler (SJ/C) hospital system based in Savannah, GA encountered a ransomware attack on June 17, 2021 at about 4 a.m. Upon discovery of the suspicious system activity, SJ/C promptly took action to keep its systems isolated and secure. The attack made the computer systems inaccessible and so emergency procedures were followed. Employees had to use pen and paper to document patient information.

SJ/C informed the police authorities regarding the security breach and started an investigation. With the help of third-party cybersecurity companies, SJ/C confirmed that hackers initially obtained access to its networks on December 18, 2020 and had continued system access until June 17, 2021, during the deployment of the ransomware.

Soon after the attack was discovered, SJ/C stated that it will continue to provide patient care operations at its facilities utilizing proven backup procedures and other downtime operations. The hospital’s doctors, nurses and personnel are properly trained to give care during these types of circumstances and are dedicated to doing anything necessary to offset disruption and give continuous patient care.

As the breach investigation continued, it became apparent that the sections of the network the hackers accessed included files with patients’ protected health information (PHI). A detailed analysis of those files was done and confirmed the files included patient data like names, addresses, birth dates, driver’s license numbers, Social Security numbers, patient account numbers, financial data, billing account numbers, medical insurance plan member IDs, dates of service, medical record numbers, names of provider, and medical and clinical treatment data concerning care obtained from SJ/C.

SJ/C has currently affirmed the potential compromise of the PHI of 1,400,000 patients in the ransomware attack. Sending of notification letters to affected persons began on August 10, 2021 and free credit monitoring and identity theft protection services are being provided. SJ.C stated more safety measures and technical security steps are being enforced to additionally secure and keep track of its systems.