Saint Francis restored some medical records but could not backup others.
Photo/Thumb have been modified. Courtesy of Bits and Splits - Fotolia.
More than 107,000 patients’ health information is at risk after cyberattackers got access to Ferguson Medical Group’s computer network prior to being acquired by Saint Francis Medical Center, the health system reported this week.
The cyberattackers requested an undisclosed amount of ransom from Saint Francis in order to regain access to patients’ medical records. The health system did not pay the ransom and opted to restore access to the records through available backup files.
Not paying the ransom is in line with recommendations from the FBI to not comply because paying does not guarantee an organization will regain access to its data. Paying ransomware could also make the organization more susceptible to similar attacks from other cybercriminals.
In Sept. 2019, Saint Francis learned that Ferguson Medical Group’s computer network was victim to a cyberattack. Due to the attack, medical records for services at Ferguson before Jan. 1 were made inaccessible. The health system was asked to pay ransom.
After choosing not to pay the ransom, the health system used backup files to restore access to the records, however, Saint Francis could not restore all of the impacted records.
Inside Digital Health™ reached out to Saint Francis to learn more specifics about the ransomware and the affected information but did not hear back with answers.
Records for services at Ferguson between Sept. 20, 2018 and Dec. 31, 2018 could not be restored, Saint Francis said in a notice published on its website on Tuesday.
Although Saint Francis does not believe the cyberattackers got access to patients’ health information, the health system still notified all impacted individuals who can be identified. Saint Francis provided patients with precautionary steps and is offering a complimentary credit monitoring service.
“Saint Francis regrets that this incident occurred and is committed to providing quality care and safeguarding personal information,” the notice said, while not giving details about how the health system is working to maintain security.
Get the best insights in digital health directly to your inbox.