Three weeks after announcing that the hospital had experienced a cyber attack, Eskenazi Health is warning its employees, providers, current and former patients and vendors to monitor their financial accounts for suspicious action.
Hospital officials initially said that they did not believe that any employee or patient information had been compromised in the attack, which happened Aug. 4.
But Tuesday, Eskenazi Health said in a press release that officials have subsequently learned that some data was “obtained by bad actors” and released online. Forensic experts have identified the files and are now examining them for any personal information.
Indiana Department of Health:Cybersecurity company defends decision to access state health department data
If the health network learns that anyone had information stolen, they will let those affected know and offer them protection and credit monitoring services, the release said. However, so far there is no evidence that the breach led to bank or credit card fraud.
Eskenazi Health added that the hospital does not plan to make any payment to the bad actors and that its system worked as it should. The Federal Bureau of Investigation has been notified and is investigating the incident, hospital officials said.
While the hospital went on diversion for a few days after the attack and some elective procedures were postponed, Eskenazi Health is currently open and operating.
The health system’s website is up and working but the website of the Marion County Public Health Department has been down in an incident related to the cyberattack, said Eskenazi spokesman Todd Harper in an email. Marion’s Health & Hospital Corporation oversees both entities.
Hospital officials said in press release that anyone concerned about the release of their personal information can obtain a free credit report through one of three credit reporting agencies, Equifax, Experian or TransUnion.