News and HeadlinesIndianapolis Local NewsCrime

Actions

Eskenazi Health data stolen in cyberattack was put on the dark web

Global cyber attack may not be finished yet
Posted
and last updated

INDIANAPOLIS — Health and personal information that was stolen during a cyberattack of Eskenazi computers earlier this year was released on the dark web, according to a letter to Health and Hospital Corporation employees obtained by WRTV.

The letter, which was sent to employees of Health and Hospital Corporation of Marion County and Marion County Public Health Department on Friday, October 1. Those employees include Eskenazi Health and Indianapolis EMS.

The official letter was signed by Paul Babock, president and CEO of the HHC and MCPHD Director Dr. Virginia Caine.

According to the letter, the following information of certain people was posted on the dark web:

  • Name
  • Date of birth
  • Age
  • Address
  • Telephone number
  • Email address
  • Medical record number
  • Patient account number
  • Diagnosis
  • Clinical information
  • Physician name
  • Insurance information
  • Prescriptions
  • Dates of service
  • Driver's license number
  • Passport number
  • Face photos
  • Social Security number
  • Credit card information

In cases of patients who have died, the information that was stolen also may include the cause and date of death, according to the letter.

"Eskenazi Health values its patients, employees and providers and is committed to privacy," the letter read. "We quickly engaged an independent forensic team to investigate and contain the incident and to protect against further criminal activity. Eskenazi Health’s forensic team conducted an extensive investigation and assisted Eskenazi Health with mitigation steps to ensure the cyber criminals were no longer on its network. Eskenazi Health also notified the FBI and enabled additional security measures to further enhance its network security. There is no evidence that any files were ever locked by the cyber criminals, and Eskenazi Health did not make a ransom payment to the cyber criminals."

Eskenazi Health is evaluating its security systems and making improvements to protect the privacy and security of information on an ongoing basis, according to the letter.

"Eskenazi Health has been proactive in its efforts to implement policies, procedures, and safeguards to prevent data compromises from occurring in the future and has worked with its forensic team to identify any areas for improvement," the letter read.

Employees are being offered identity theft protection, including credit monitoring, at no cost regardless if their personal information was compromised, according to the letter.

Letters will be sent to all employees letting them know if their information was compromised.

The Oct. 1 letter comes after officials in August said "some data" was obtained by hackers and released online during a cyberattack.

You can contact the credit bureaus to review your information at the following numbers:

  • Equifax 800-525-6285
  • Experian 888-397-3742
  • Trans Union 800-680-7289