Cyberattack on hospital affects 316,000 people
Tshedimoso Makhene Dec 13, 2024 11:59:43 AM
A cyberattack on Anna Jaques Hospital, identified during the 2023 holiday season, breached the sensitive data of 316,000 individuals.
What happened
Anna Jaques Hospital, located in Newburyport, Massachusetts, is notifying 316,000 individuals that their personal and health information was compromised in a cyberattack discovered nearly a year ago, in December 2023. The cybercriminal group Money Message claimed responsibility, alleging that it stole 600 gigabytes of data from the hospital and posted patient and employee records on the gang's dark web site in January 2024. The breach, which temporarily disrupted the hospital's IT systems, has yet to be reported on the U.S. Department of Health and Human Services' HIPAA Breach Reporting Tool.
Going deeper
The hospital detected the breach on or around December 25, 2023. Anna Jaques Hospital initially issued a notice on January 23, 2024, while investigating the incident. However, it was only on November 5, 2024, that the hospital completed its "thorough forensic investigation and manual document review," revealing that unauthorized access to sensitive files had occurred. Despite these findings, the hospital did not explicitly mention that data, including documents containing detailed personal and medical information, had been stolen and published on Money Message's dark web site.
The compromised information varies per individual but may include demographic information, health insurance details, medical data, Social Security numbers, financial information, and other personal identifiers.
By the numbers
- 316,000 individuals were affected by the breach.
- 600 gigabytes of data were allegedly stolen by cybercriminals.
- It took one year for the hospital to complete its forensic investigation.
- The breach was discovered on December 25, 2023.
- Anna Jaques Hospital first posted a notice about the incident on January 23, 2024.
What was said
In a statement released by Anna Jaques Hospital, the hospital confirmed that upon detecting the breach, it took immediate action to contain the network, launch an investigation, and notify law enforcement. The hospital reassured the public, stating, "Anna Jaques Hospital has no indication that there has been any fraud as a result of this incident." However, the statement did not address the fact that the stolen data was posted on the dark web by the cybercriminal group Money Message.
Experts expressed concern about the prolonged investigation timeline. Jeff Wichman, director of incident response at Semperis, criticized the lengthy process, saying, "An entire year for a forensic investigation is unheard of. In my experience, the longest investigations ran four to five months." Paul Underwood, Vice President of cybersecurity at Neovera, noted the difficulty many not-for-profit organizations face in maintaining sufficient cybersecurity staffing. Scott Weinberg, CEO of Neovera, highlighted that the lack of detailed logs could have made it challenging for the hospital to determine the full extent of the breach.
Why it matters
The cyberattack on Anna Jaques Hospital exposes significant challenges for healthcare organizations in managing cybersecurity incidents, particularly during high-risk periods like holidays. While the hospital took steps to contain the breach and notify affected individuals, the long investigation process and failure to address the dark web data leak raised questions about the organization's preparedness and response. Moving forward, healthcare providers must prioritize robust cybersecurity strategies and swift incident management to protect sensitive patient information from evolving cyber threats.
FAQs
What is a "dark web" marketplace?
A dark web marketplace is an online platform that operates on the dark web where cybercriminals buy and sell illegal goods and services, including stolen personal data, hacking tools, and other illicit items. Stolen data from breaches may be posted or sold on these marketplaces.
What are common signs of a cyberattack?
Signs of a cyberattack can include:
- Unexplained system slowdowns or crashes.
- Unauthorized access to accounts or data.
- Increased network traffic or unusual activity.
- Suspicious email messages or files from unknown senders.
- Alerts from antivirus software or firewalls.