Patient Data Breached in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

Family Christian Health Center (FCHC), based in Illinois, has announced that it suffered a ransomware attack in November 2021 that compromised the protected health information (PHI) of 31,000 patients. The attack was discovered on November 30, 2021, and the investigation confirmed that the attackers first gained access to its data systems on or about November 18, 2021.

The attackers accessed FCHC’s old dental system, which held the PHI of individuals who had received dental services prior to August 31, 2020. The system stored the patients’ names, birth dates, driver’s license numbers, insurance card numbers, and copies of patients’ insurance cards and driver’s licenses. FCHC stated that details of the dental care provided, credit card numbers, and the Social Security numbers of affected dental patients had not been compromised. Non-dental patients who obtained healthcare services from December 5, 2016, to August 31, 2020, were also impacted. The data included names, addresses, birthdates, insurance ID numbers, and Social Security numbers.

FCHC worked with external IT providers to investigate the breach. A forensic professional was engaged to determine how the attackers gained access to the network and to recommend additional security measures to prevent further attacks. FCHC said it has put additional technical safeguards in place.

Patient Information Possibly Compromised in Jackson County Hospital Ransomware Attack

Jackson County Hospital, located in Florida, recently stated that unauthorized individuals had accessed certain of its systems and potentially viewed or obtained the personal and medical data of certain patients. The security breach was noticed on or about January 9, 2022, when several systems became inaccessible.

Third-party forensic experts investigated the cyberattack and established that limited patient information had been exfiltrated from its systems, including names, addresses, dates of birth, telephone numbers, Social Security numbers, medical histories, medical ailments/treatment details, medical record numbers, patient account numbers, diagnosis codes, Medicare/Medicaid numbers, financial account data, and usernames/passwords. At this time, Jackson County Hospital has not found any evidence that suggests patient data has been misused; however, impacted patients were instructed to be vigilant and to review their account statements and explanation of benefits statements for signs of fraudulent activity.

Jackson County Hospital said the investigation into the cyberattack is in progress and steps are being taken to enhance security. Current policies and procedures are being evaluated, and additional administrative and technical safeguards will be implemented to further protect the information in its systems.

The cyberattack has been reported to the HHS’ Office for Civil Rights but does not yet appear on the breach website, so it is presently unclear how many individuals were affected.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism.