TULSA – Saint Francis Health System is working with investigators after an anonymous person reportedly hacked into its systems and demanded payment in exchange for protecting patient information.
According to Saint Francis, they were notified on September 7 of an unauthorized external access of a server that ultimately led to patient information being stolen.
Saint Francis said the data breach does not involve electronic health or medical records, social security numbers, driver's license information or financial information. The information breached is just related to names and addresses, reported the executive director of communications Lauren Landwerlin.
An anonymous demand was made to the hospital saying that if a payment was not made, then patient’s information would not be returned. Not long after this demand was made, reports Saint Francis, the server was shut down.
Saint Francis says they discussed the incident with law enforcement and decided to not make the payment. In a statement, the hospital stated “After notifying and discussing this matter with law enforcement, Saint Francis decided not to act on the demand because payment does not guarantee or prevent data from being disclosed. The health system understands the importance of protecting our patients’ information, and deeply regrets that this occurred.”
Now, Saint Francis is still working with a leading forensics firm to continue the investigation and find ways to enhance the existing security measures.
Saint Francis says its sending notification letters to patients who have potentially been affected by the incident. Approximately 6,000 patients were affected by the data breach, says Saint Francis.
"We have sent out notifications to patients. They will arrive as soon as the mail service delivers them," said Landwerlin."
Stay in touch with us anytime, anywhere.
Sign up for newsletters emailed to your inbox. Select from these options: Breaking News, Severe Weather, School Closings, Daily Headlines and Daily Forecasts.