New details — and data — emerge from Eskenazi Health ransomware incident
On August 4, this site noted that Eskenazi Health in Indiana had reportedly gone on diversion protocols following an attempted ransomware attack.
On August 9, the hospital reported that it was still on diversion but that no patient or employee data was affected by the attack – or at least as far as they could tell at that point.
Today, DataBreaches.net accidentally discovered that the health system had been attacked by Vice Society threat actors, and that some patient data has been dumped. Many of the linked files returned 403, but not all. Some of the data DataBreaches.net noted included individual reports of patient deaths in December, 2019. Other data were in a spread sheet format that contained a lot of ePHI fields and data.
Perhaps Vice Society didn’t intend to dump patient data or other files from Eskenazi as the data were purportedly data from a French Hospital that they had newly added to their leak site. But as my daughter is wont to say, “Nobody’s perfect.”
DataBreaches.net has reached out to Eskenazi Health to ask them for a statement about the data dump but received no immediate reply. This site has also reached out to Vice Society to get some clarification from them. This post will be updated when more information becomes available.
Update: In a statement to this site, a Vice Society spokesperson confirmed that they were responsible for the Eskenazi Health attack. They also state that the health system “lost a lot of sensitive data,” and they are in the process of doing a lot of uploading and correcting of folders.