A significant cybersecurity incident at Hospital Sisters Health System (HSHS) has exposed personal and health information of more than 882,000 patients. The breach, discovered on August 27, 2023, affected the healthcare network’s operations across Illinois and Wisconsin.

HSHS, a non-profit healthcare system founded in 1875 with 15 hospitals and over 2,200 physicians, experienced a widespread system outage that disrupted virtually all operating and phone systems. The unauthorized access occurred between August 16 and August 27, 2023.

Compromised Information:
– Names and addresses
– Dates of birth
– Medical record numbers
– Treatment information
– Health insurance details
– Social Security numbers
– Driver’s license numbers

Response and Recovery:
– External security experts were hired for investigation
– Systems are being restored systematically
– Affected individuals are being notified on a rolling basis
– One year of free Equifax credit monitoring offered to victims

While the incident bears similarities to a ransomware attack, no group has claimed responsibility. HSHS has emphasized prioritizing patient safety during the restoration process, though recovery is expected to take considerable time due to the extensive network of applications and servers involved.

This incident follows a series of major healthcare sector breaches, including Community Health Center’s recent breach affecting 1 million patients and UnitedHealth’s Change Healthcare attack impacting 190 million Americans. In response to increasing healthcare security incidents, the U.S. Department of Health and Human Services has proposed updates to HIPAA regulations to enhance patient data protection.