St. Louis health centers hit by ransomware; data of 152,000 at risk

Betty Jean Kerr People’s Health Centers still does not have access to some of its data nearly two months after a ransomware attack locked up its information systems.

The organization, with three care delivery sites in the St Louis metropolitan area, says the attack affected the data of about 152,000 individuals. The incident occurred on September 2.

peoples-collage-CROP.jpg

“After discovery of the breach, we took immediate action to secure our information, and we engaged a forensic information technology firm to assist us,” the organization told patients in a breach notification letter. “We have not paid the ransom, and even with the help of the IT firm, we have not been able to unlock the data.”

While having no knowledge if the locked data has been viewed or accessed by a foreign actor, the organization’s executives believe compromised data includes at least eight types of protected health information, including credentialed providers, Social Security numbers and employee information from 2012 through September 2.

The company is offering one year of credit monitoring services from an undisclosed monitoring firm and counsels affected individuals to also monitor their own credit reports regularly.

“We truly apologize that this criminal act may have affected you,” patients were told in the notification letter. “Please know that we regret any concern this incident may cause you. Be assured that we place a top priority on protecting and keeping secure the information that has been entrusted to us. With the help of highly regarded security experts, we have put further safeguards in place to help prevent future cyberattacks.”

For reprint and licensing requests for this article, click here.