INDIANAPOLIS — Eskenazi Health released a notice on Friday afternoon that detailed a cyberattack had occurred “on or about August 4, 2021,” which had resulted in the compromise of personal information belonging to employees and patients, including health information.
Once detecting the unusual activity on their system, Eskenazi Health’s information security team took the network offline in order to protect information and maintain the integrity of their patients. They investigated the activity to identify the scope and nature of the attack, determining that “sophisticated cyber criminals” had gained access to their network May 19 using a “malicious internet protocol address.” The cyber criminals had disabled security protections, which made it more difficult to detect their presence until the attack.
“Eskenazi Health values its patients, employees and providers and is committed to privacy,” they wrote in a press release. “Eskenazi Health’s forensic team conducted an extensive investigation and assisted Eskenazi Health with mitigation steps to ensure the cyber criminals were no longer on its network. Eskenazi Health also notified the FBI and enabled additional security measures to further enhance its network security.”
Despite their efforts, data was stolen from its network, and some of this data was released on the dark web, which is a portion of the Internet that can only be accessed by certain software. Through reviewing the data, they determined that medical, financial and demographic information of certain individuals were obtained by cyber criminals and posted on the dark web. The information may include: name, date of birth, age, address, telephone number, email addresses, medical record number, patient account number, diagnosis, clinical information, physician name, insurance information, prescriptions, date(s) of service, driver’s license number, passport number, face photos, Social Security number and any credit card information. In the case of deceased patients, it could also include cause and date of death.
Impacted individuals will receive a letter from Eskenazi Health detailing which specific types of their information were involved in the cyberattack.
Those who are impacted may wish to review information maintained by each of the credit reporting bureaus and any applicable
According to the statement, identity theft protection, including credit monitoring, is available for impacted individuals at no cost to them. Instructions on how to enroll in the program will be included in their letter, and if Eskenazi becomes aware of any additional information, it will be made known on their website.
Individuals who have additional questions regarding this incident should contact (855) 896-4446. It was noted for individuals to please be prepared to provide Engagement Number B019316 when speaking with a representative.