vz-risk / VCDB

VERIS Community Database
Other
577 stars 180 forks source link

NJ hospital CentraState diverting patients after cyberattack, IT shutdown - CentraState Medical Center #19310

Open swidup opened 1 year ago

swidup commented 1 year ago

https://www.scmagazine.com/analysis/ransomware/nj-hospital-centrastate-diverting-patients-after-cyberattack-it-shutdown

swidup commented 1 year ago

https://nj1015.com/personal-data-of-617000-patients-exposed-in-nj-hospital-cyberattack/ 617,000 affected

swidup commented 1 year ago

https://www.jdsupra.com/legalnews/centrastate-healthcare-system-announces-6401097/

etgifford commented 10 months ago

CentraState Medical Center, HQ: Freehold, NJ, NAICS: 62621 (Hospitals, clinics, healthcare), EMP: 2383, noticed “unusual activity” within its computer systems on Dec 29, 2022. They immediately took steps to contain the incident. Investigation showed an archived database was stolen containing information of 617000 patients: social security numbers, name, address, date of birth, health insurance information, medical record numbers, patient account numbers, care received, prescription information, and doctor’s notes. Dec 30, 2022 a notice was placed on their website of hack. Feb 10, 2023 letters were sent to victims notifying them their sensitive information was accessed and offering free crediting monitoring/ID theft protection (duration was not noted).

etgifford commented 10 months ago

Note: There is no direct evidence (no encryption, asking for ransom, etc) this was a ransomware attack, although a few sites list it as such. The hospital shut down the network to prevent further infiltration, which caused employees to use paper records and had ambulances deviate to other hospitals. Ransomware looks to be becoming a buzzword in articles. There have been some articles for different entities having a ransomware attack, but the payload did not deploy due to “measures taken”. Need to monitor the trend to ensure that non-ransomware attacks are not being miscategorized.