- Anna Jaques Hospital was hit by ransomware in late 2023
- Negotiations with hackers broke down and the data was leaked
- A year-long investigation determined that 300,00+ customers had their sensitive data posted online
Almost a year after suffering a ransomware attack, Anna Jaques Hospital has concluded its investigation with the news that sensitive data on more than 300,000 people was exposed on the dark web.
The not-for-profit community hospital from Massachusetts was struck by a ransomware threat actor known as Money Message at Christmas 2023. The group forced the hospital to shut down parts of its infrastructure, but still managed to get away with some data from its systems.
At the end of January 2024, Money Message tried to extort the hospital for money, but negotiations were unsuccessful, and the group ended posting the stolen data on the dark web.
No evidence of abuse
The hospital then began its investigation to see exactly what was leaked, and how many people were affected, and has now filed a new report with the Office of the Maine Attorney General.
That report says exactly 316,342 patients have had their data taken, including demographic information, medical information, health insurance information, Social Security number, driver’s license number, financial information, and any other personal or health information provided to Anna Jacques.
While this is more than enough information to run phishing, identity theft, or other scams, the hospital says that to date, there was no evidence to support such claims: “To date, we have no evidence that any of your information has been misused for identity theft or financial fraud as a direct result of this incident,” the company said.
Anna Jaques Hospital is a not-for-profit community hospital located in Newburyport, Massachusetts. It counts 83 beds and 200 physicians, and serves the Merrimack Valley, North Shore, and southern New Hampshire. It is part of Beth Israel Lahey Health, and provides a wide range of medical services.
Via BleepingComputer