439/67 Wednesday, December 11, 2024
Anna Jaques Hospital in Massachusetts, USA, has disclosed a ransomware attack on December 25, 2023, which led to the leak of sensitive health information for over 316,000 patients. The hospital, which provides a range of services including emergency care, maternity, oncology, cardiology, and orthopedic surgery, immediately suspended the affected systems and initiated a forensic investigation. The attack was attributed to the ransomware group “Money Message,” which claimed to have stolen 600 GB of critical data. After failed ransom negotiations, the group published the stolen data on the Tor network on January 26, 2024.
On November 5, 2024, the investigation concluded, revealing that the data breach affected 316,342 patients. The leaked data may include personal identifiable information (PII), medical records, health insurance details, Social Security numbers, driver’s license numbers, financial information, and other health-related data. While the hospital stated there is no evidence of misuse of the stolen data, it began notifying affected individuals on December 5, 2024, and advised them to carefully review financial transactions and health insurance benefit statements.
To mitigate potential damages, the hospital is offering affected individuals free credit monitoring and identity theft protection services (Experian) for 24 months.
Source https://securityaffairs.com/171801/data-breach/anna-jaques-hospital-data-breach.html
