Northwestern Memorial HealthCare had notified around 56,000 donors and patients that their personal recorders were being comprised earlier this year (Jimenez, 2020). One of the hospital vendor Blackbaud, had an successful attack on their system earlier this year and as a result unauthorized person was able to access the hospital systems. The hospital has also notified the U.S. Department of Health and Human Services along with the patients those data was being breach. After the investigation, the hospital has confirmed that the data that was being access was only the donor’s or patient’s personal information and not their health information. Hospital has also confirmed that the attack was not on their health care system which those system includes the electronic medical records. Blackbaud believes that the data that was being compromised that no reason to get misused or made publicly available. They have also said that the intention for the attack was to only disturb the business by encrypting their systems which they company was successful to prevent from happening. Blackbuad has also hired an third-party team to monitor the black web to monitor for any of the data that are being compromised.
References:
Jimenez, A. 2020. Northwestern Memorial HealthCare warns 56,000 donors and patients about data breach. Retrieved from: https://www.chicagotribune.com/business/ct-biz-northwestern-medicine-data-breach-56000-individuals-20200904-bvizgdmwcrcuvou7fv3rx4b2au-story.html
This is an interesting article because the hospital made it seem like it was no big deal that patient’s PII was leaked but no medical records. The loss of PII is always a major issue in a breach. If the attackers exfiltrated social security numbers and matching names, birthdays, and addresses, they easily perform identity theft on the victims. It seems like Northwestern Memorial HealthCare is taking this breach a bit to lightly.