Open swidup opened 1 year ago
CentraState Medical Center, HQ: Freehold, NJ, NAICS: 62621 (Hospitals, clinics, healthcare), EMP: 2383, noticed “unusual activity” within its computer systems on Dec 29, 2022. They immediately took steps to contain the incident. Investigation showed an archived database was stolen containing information of 617000 patients: social security numbers, name, address, date of birth, health insurance information, medical record numbers, patient account numbers, care received, prescription information, and doctor’s notes. Dec 30, 2022 a notice was placed on their website of hack. Feb 10, 2023 letters were sent to victims notifying them their sensitive information was accessed and offering free crediting monitoring/ID theft protection (duration was not noted).
Note: There is no direct evidence (no encryption, asking for ransom, etc) this was a ransomware attack, although a few sites list it as such. The hospital shut down the network to prevent further infiltration, which caused employees to use paper records and had ambulances deviate to other hospitals. Ransomware looks to be becoming a buzzword in articles. There have been some articles for different entities having a ransomware attack, but the payload did not deploy due to “measures taken”. Need to monitor the trend to ensure that non-ransomware attacks are not being miscategorized.
https://www.scmagazine.com/analysis/ransomware/nj-hospital-centrastate-diverting-patients-after-cyberattack-it-shutdown