Home » Eskenazi: ‘Bad actors’ obtained data during cyberattack

Eskenazi: ‘Bad actors’ obtained data during cyberattack

| IBJ Staff
Keywords cybersecurity / Eskenazi Health / Health Care & Insurance / Technology
  • Comments
  • Print

Related Stories

Listen to this story

Subscriber Benefit

As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
This audio file is brought to you by
0:00
0:00
Loading audio file, please wait.
  • 0.25
  • 0.50
  • 0.75
  • 1.00
  • 1.25
  • 1.50
  • 1.75
  • 2.00
Eskenazi Health

Eskenazi Health on Tuesday warned its employees, providers, patients and vendors to “closely monitor bank and credit card statements” for “suspicious activity” following a cyberattack to its data network early this month.

The safety-net health system, which operates Eskenazi Hospital west of downtown, said “some data that we maintain was obtained by bad actors” during the attack and “released online.”

Eskenazi shut down its data network and diverted ambulances Aug. 4 following what it then called an “attempted ransomware attack.” At the time, the health system said no patient or employee data was compromised.

Eskenazi Hospital operates a Level 1 trauma center, which is the highest level, certified to handle the most serious, life-threatening conditions. The hospital normally receives hundreds of ambulance deliveries a year.

Story Continues Below

The health system said its IT systems functioned properly, but it shut down the network to “maintain the safety and integrity of our patient care.”

On Monday, Eskenazi said it was “open and operating with patient procedures and appointments under way. Our treatment of COVID-19 patients and our vaccination efforts are unaffected. We continue to conduct a thorough forensic evaluation of our systems.”

The system said there is no evidence that any of its files “were ever encrypted, and we will not make any payment to the bad actors. Our system worked as it should and the quick action by staff, in accordance with our information security protocols, enabled us to maintain the safety and integrity of our patient care.”

It said there was no evidence of bank or credit card fraud, but it said “employees, providers, patients, former patients and vendors should closely monitor bank and credit card statements, as well as other personal information, and report any suspicious activity to authorities and financial institutions.”

It encouraged anybody possibly affected to obtain a free credit report from Equifax, Experian and TransUnion.

“We have notified the FBI regarding this event and are working with them on their investigation,” Eskenazi said.

Please enable JavaScript to view this content.

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our comment policy that will govern how comments are moderated.

Your go-to for Indy business news.

Try us out for

$1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In