Christmas ransomware exposed over 300K patient records to dark web

 Hospital Hit by Ransomware Attack: 300,000 Patients Affected

Last Christmas, Anna Jaques Hospital in Massachusetts faced a ransomware attack. After nearly a year of investigation, the hospital revealed that hackers had stolen over 300,000 patients’ sensitive data and posted it for sale on the dark web.

Data Exposed

The stolen information includes health insurance details, Social Security numbers, names, addresses, driver’s license numbers, financial data, and medical records. The cybercrime group "Money Message" claimed responsibility for the attack. Although the hackers demanded a ransom in January 2024, their extortion attempt failed. Instead, they listed the stolen data for sale on the dark web.

Hospital’s Response

The hospital confirmed that 316,342 affected patients were notified about the breach. Despite the severity of the data theft, Anna Jaques stated there is no evidence suggesting the stolen information has been used for identity theft or fraud. The hospital worked with a cybersecurity firm to investigate the breach thoroughly.'

Timeline of Events

Hackers reportedly accessed the hospital’s network on December 25, 2023. The hospital immediately launched an investigation, contained the breach, and alerted law enforcement. A partial network shutdown followed, but hackers had already transferred the stolen data offsite.

About Anna Jaques Hospital

Anna Jaques is a not-for-profit hospital in Massachusetts with 83 beds and 200 physicians. It is part of the Beth Israel Lahey Health network, which includes 14 hospitals and over 4,700 physicians.

This incident highlights the growing risks of cyberattacks in healthcare.