GA: St. Joseph’s/Candler ransomware investigation ongoing, patients offered identity protection

The healthcare system is fully operational, but isn’t ruling out possible misuse of patient information.

The Savannah area’s largest health-care system, St. Joseph’s/Candler, has returned to “fully operational” status after suffering a cyberattack on its IT network earlier this year, according to CEO Paul Hinchey.

The ransomware attack was detected on June 17, but further investigations revealed that the unauthorized party gained access to the hospital system’s IT network between Dec. 18, 2020, and June 17, 2021, according to a letter sent to patients last week.

Soumitra Bhuyan, assistant professor at the Edward J. Bloustein School of Planning and Public Policy at Rutgers University, previously told the Savannah Morning News, “On average, it takes about 96 days to even identify the data breach. And it can take up to a year. There are hospitals that did not identify that a breach happened for a year.”

The investigation into the St. Joseph’s/Candler cyberattack is ongoing. The health-care system is offering patients membership in an identity protection service with Experian.

Ransomware attacks often involve hackers that encrypt files and demand a ransom before restoring the data. St. Joseph’s/Candler has declined to comment on the amount of the ransom.

While the health system did not cancel any surgeries or procedures, the attack did temporarily halt telephone communications and handicap computer systems, making certain files inaccessible. Also, cancer treatment patients were asked to verify appointments for a period of time.

“We’re fully operational right now,” said CEO and President Paul Hinchey. “There are a few hotspots where we have to change out computers. But in terms of the hospital … we’re back electronically, which was a big sea change for us, because we went from a fully integrated system to a paper system and we haven’t done that in 25 years.”

In the letter to patients, St. Joseph’s/Candler states that possible information at risk includes “name in combination with address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, financial information, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information regarding care you received from SJ/C.”

The health system recommends patients review statements from their health-care providers and health insurance plan and monitor their financial accounts for fraud or suspicious activity. Enrolling in the Experian service will not affect one’s credit score, according to the health system.

Hinchey could not comment further on the status of the cyberattack investigation but said the health system is increasing its security to mitigate future risks.

“These entities, they reinvent themselves at warp speed,” said Hinchey. “So we’ve hired several national companies, one who does all the security for Amazon, and we put in all of these firewalls to make sure we mitigate that as best we can from ever happening again because once is enough.”

Article Link


National Association of Drug Diversion Investigators Federal Tax ID: 52-1660752 / DUNS Number: 073539913

Copyright © 2022 - NADDI. All Rights Reserved. Privacy Policy / Trademark Policy / Copyright Policy / Refund Policy

Log in with your credentials


Forgot your details?

Create Account