Anna Jaques Hospital, a Massachusetts-based not-for-profit community hospital, has disclosed a significant data breach resulting from a Christmas Day 2023 ransomware attack. The incident has affected 316,342 patients, exposing sensitive healthcare and personal information.
The Attack Timeline:
– December 25, 2023: Initial ransomware attack detected
– January 19, 2024: ‘Money Message’ ransomware group began public extortion
– January 26, 2024: Threat actors released stolen data
– November 5, 2024: Forensic investigation completed
Compromised Information Includes:
– Demographic data
– Medical records
– Health insurance details
– Social Security numbers
– Driver’s license information
– Financial data
– Additional personal health information
Response and Mitigation:
The hospital immediately contained the breach by taking affected systems offline and notifying law enforcement. While no fraud cases have been reported, Anna Jaques is offering affected individuals:
– 24-month complimentary identity protection
– Credit monitoring services through Experian and 1B
– Recommendations for implementing fraud alerts and security freezes
The hospital, which serves Merrimack Valley, North Shore, and southern New Hampshire with 83 beds, 200 physicians, and 1,200 staff members, began notifying affected individuals on December 5, 2024, and continues to monitor the situation while encouraging vigilance in reviewing financial statements.