[BreachExchange] NorthShore data breach affects over 340, 000 people

Destry Winant destry at riskbasedsecurity.com
Thu Sep 10 10:37:05 EDT 2020


https://wgntv.com/news/northshore-data-breach-affects-over-340000-people/

CHICAGO — A large-scale data breach of NorthShore Health Systems
forces the hospital to warn patients about potential cyber crimes. Now
one expert thinks that other hospitals could be next.

While hospitals have been focused on the COVID-19 pandemic, in at
least one case, hackers focused on them. NorthShore Hospital reported
a data breach that affected an estimated 348,000 people. According to
NorthShore, the information taken included:

- Full names
- Date of birth
- Addresses
- Phone numbers
- E-mails
- Admission and discharge dates
- The name of the physician

Rich Stuppy isn’t connected to NorthShore or the investigation of the
breach but he is one of the chief officers at Kount, specializing in
data breach and fraud control. He said right now, hospitals in general
have a lot on their plate.

“On one of the things that will happen is that many hospitals are
limiting non-essential staff as fraudsters target them they find
commonalities,” Stuppy said. “They get smarter and sharper at every
one that they go to.”

In this case, NorthShore confirms that social security numbers weren’t
accessed and that they moved quickly to minimize any problems.

“This incident was not a breach of NorthShore’s internal systems — no
patient medical records were accessed,” the hospital said.

But targeting hospitals could become a dangerous trend. Just last
week, Northwestern Memorial Hospital notified 56,000 patients that
personal records were accessed. And Stuppy thinks others could follow
as hackers develop a technique.

“Once they learn to exploit it, it’s copy and paste,” he said. “The
businesses that are hacked are victims as well, it’s a very difficult
challenge.”

NorthShore also tells me that based on the data involved, there is low
risk of harm to affected individuals. They are notifying everyone
impacted and reminding people to regularly monitor personal accounts
for any suspicious activity.


More information about the BreachExchange mailing list