Baptist Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In late April 2022, Baptist Medical Center in Texas experienced a significant cybersecurity breach due to a malware incident, affecting over 1.24 million patients. This breach involved unauthorized access and exfiltration of data from the hospital’s systems between March 31 and April 24. The compromised information included sensitive patient data such as names, dates of birth, addresses, Social Security numbers, health insurance details, medical information (including medical record numbers, dates of service, provider and facility names, chief complaints or reasons for visit, and other visit, procedure, and diagnosis information), and billing and claims information. However, it was confirmed that driver’s license numbers, credit and debit card information, bank account information, and account passwords were not involved in this incident. In response to the breach, Baptist Medical Center and Resolute Health Hospital, both part of the San Antonio-based Baptist Health System, have taken steps to enhance their security and monitoring capabilities and harden their systems to minimize the risk of future incidents. They also initiated a forensic investigation, contacted law enforcement, and have been working on mitigating and remediating the incident to prevent further unauthorized activity[1][3][5].

This breach is part of a disturbing trend of increasing cybersecurity incidents affecting healthcare institutions, highlighting the need for improved security measures and vigilance against both external and internal threats. Experts recommend that organizations review and update their disaster recovery and business continuity plans, conduct refresher training on security, and perform annual security risk analyses to better protect patient information[1].

Citations:

  1. https://www.govinfosecurity.com/malware-breach-affects-12-million-medical-center-patients-a-19466
  2. https://integrisok.com
  3. https://www.ksat.com/news/local/2022/06/16/baptist-medical-center-resolute-health-hospital-report-cybersecurity-breach-involving-patient-information/
  4. https://www.hrw.org
  5. https://www.kens5.com/article/money/business/baptist-health-cybesecurity-data-breach-information/273-2d0cb751-f193-433c-a0cc-61568d5cd0f1
  6. https://www.umc.edu
  7. https://www.expressnews.com/news/local/article/baptist-medical-data-breach-17256113.php
  8. https://atriumhealth.org
  9. https://healthitsecurity.com/news/tenet-healthcare-baptist-health-face-healthcare-data-breach-lawsuit
  10. https://goetbutigers.com
  11. https://www.beckershospitalreview.com/cybersecurity/baptist-health-system-4-other-hospitals-report-patient-information-exposed-in-vendor-email-hack.html
  12. https://medicalcityhealthcare.com/locations/medical-city-arlington/
  13. https://www.thelyonfirm.com/blog/baptist-medical-center-data-breach-investigation/
  14. https://www.nytimes.com/2024/02/17/us/politics/trump-allies-abortion-restrictions.html
  15. https://www.idstrong.com/sentinel/baptist-medical-center-malware/
  16. https://www.wsj.com/?%252525252525253butm_=undefined&webview=true
Breach Submission Date Jun 15, 2022
Converted Entity Name Baptist Medical Center
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 1,608,549
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes