Update on Eskenazi Health Cyber Incident
Eskenazi has issued an updated notice about their security incident. They talk about “if they find” PII or PHI, but the reality is that this site already saw and reported that there was such information in the data dumped by Vice Society. From this site’s perspective, the only question is how many employees and patients does Eskenazi need to notify and what types of information were compromised for each individual. Then, too, let’s see if Eskenazi actually tells patients that their data was not only exfiltrated but dumped on the dark web where anyone can download it for free.
Eskenazi Health experienced a cyber event on August 4. We have prepared for events such as this and we quickly acted in accordance with our information security protocols to maintain the safety and integrity of our patient care. The health system is open and operating with patient procedures and appointments underway. Our treatment of COVID-19 patients and our vaccination efforts are unaffected. We continue to conduct a thorough forensic evaluation of our systems.
Through our investigation, we have learned that some data that we maintain was obtained by bad actors and released online. Our forensic experts are monitoring for this, we have identified files that the hackers obtained, and we have begun the painstaking process of examining those files for any personal patient or employee information. If we find such information, we will notify the affected individuals in accordance with law and offer identity protection and credit monitoring services.
There is no evidence that any of our files were ever encrypted and we will not make any payment to the bad actors. Our system worked as it should and the quick action by staff, in accordance with our information security protocols, enabled us to maintain the safety and integrity of our patient care.
At this time, there is no evidence that this incident has resulted in bank or credit card fraud. However, for now, employees, providers, patients, former patients and vendors should closely monitor bank and credit card statements, as well as other personal information, and report any suspicious activity to authorities and financial institutions. We encourage these individuals to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. Individuals can also freeze, and unfreeze, their credit through the credit bureaus. In some cases, this is as easy as a button on their app. The credit bureaus can be reached through the following phone numbers:
- Equifax: 800.525.6285
- Experian: 888.397.3742
- Trans Union: 800.680.7289
We have notified the FBI regarding this event and are working with them on their investigation.