Christmas Day Cyberattack: 310,000 Patient Records Breached at Massachusetts Hospital

Christmas Day Cyberattack: 310,000 Patient Records Breached at Massachusetts Hospital

Hospital Data Breach Exposes Over 310,000 Patient Records

Anna Jaques Hospital, a Massachusetts-based not-for-profit community hospital, has disclosed a significant data breach resulting from a Christmas Day 2023 ransomware attack. The incident has affected 316,342 patients, exposing sensitive healthcare and personal information.

The Attack Timeline:
– December 25, 2023: Initial ransomware attack detected
– January 19, 2024: ‘Money Message’ ransomware group began public extortion
– January 26, 2024: Threat actors released stolen data
– November 5, 2024: Forensic investigation completed

Compromised Information Includes:
– Demographic data
– Medical records
– Health insurance details
– Social Security numbers
– Driver’s license information
– Financial data
– Additional personal health information

Response and Mitigation:
The hospital immediately contained the breach by taking affected systems offline and notifying law enforcement. While no fraud cases have been reported, Anna Jaques is offering affected individuals:
– 24-month complimentary identity protection
– Credit monitoring services through Experian and 1B
– Recommendations for implementing fraud alerts and security freezes

The hospital, which serves Merrimack Valley, North Shore, and southern New Hampshire with 83 beds, 200 physicians, and 1,200 staff members, began notifying affected individuals on December 5, 2024, and continues to monitor the situation while encouraging vigilance in reviewing financial statements.

Share This Article