St. Joseph’s/Candler health system contacting patients after ransomware attack
SAVANNAH, Ga. (WTOC) - Many St. Joseph’s/Candler patients are getting letters in the mail, warning them their personal, medical, and financial information may have been stolen due to the recent ransomware attack on the hospital system.
The breach happened two months ago. However, we still do not know how many patients’ information is at risk or who is responsible for the attack.
Addresses, social security numbers, financial information and more could be in the wrong person’s hands.
“We went from a fully integrated system to a paper system and we have not done that in 25 years,” said St. Joseph’s/Candler CEO and President Paul Hinchey.
You may remember major industries have been hit recently by ransomware attacks. However, cybersecurity experts say threats in hospitals are much different.
“It’s payday,” said Cyber Security Solutions President and CEO Horacio Maysonet. “They know that they can get the money quicker through a hospital because we are dealing with the pandemic. There are people’s lives involved so systems, an organization, is going to do anything that I need to do to get systems back and running to keep people alive.”
Maysonet says hackers will sell your information on the dark web just to make a quick buck.
“A medical record or medical information or insurance information goes for about 60 dollars to 75 dollars per person, per record,” said Maysonet.
According to letters St. Joseph’s/Candler Health System sent to patients, the system determined that an “unauthorized party” gained access to its IT network between December 18, 2020, and June 17, 2021.
Hinchey says they have taken security measures to prevent this from happening again.
“We have hired several national companies, one who does all the security for Amazon and we put in all of these firewalls to make sure we mitigate that as best we can from ever happening again because once is enough,” said Hinchey.
The hospital system says they were still able to care for and admit patients. The criminal investigation into the ransomware attack is ongoing. The hospital system sent a statement to WTOC about letters patients may have received in the mail.
“SJ/C is notifying and providing resources to individuals whose information may have been involved in the recent data security incident. We mailed notification letters to individuals in accordance with applicable law. We’ve communicated all of the information we have to share at this time regarding the incident. Our focus is on supporting and caring for our patients and community during this unique and challenging time.”
If you happened to receive more than one letter in the mail or a letter that is not addressed to you, the hospital system says you can return the mail back to the sender. A spokesperson for SJ/C says they used the most recent mailing address available for individuals.
Maysonet says the typical penalty for companies is to pay at least 6 months of credit monitoring. St. Joseph’s/Candler Health System is offering to pay for one year of monitoring with Experian’s IdentityWorks.
Here are some tips to keep your information safe:
- After that one year is up, sign up for an identity theft monitoring service. You can find companies on the Better Business Bureau website.
- If you have children, consider freezing their credit until they are older. It is free to do and prevents anyone from opening an account in their name.
- Use different passwords for different accounts. Using the same password gives criminals access to everything.
Copyright 2021 WTOC. All rights reserved.