Fitzgibbon Hospital
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Fitzgibbon Hospital, a non-profit community hospital based in Marshall, Missouri, experienced a significant cybersecurity incident in 2022. This incident was identified as a ransomware attack that affected the personal and medical information of approximately 112,000 patients. The attack was detected on June 6, 2022, and the hospital immediately launched an investigation to determine the nature and extent of the breach. The unauthorized access resulted in the exposure of patients’ full names, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, and medical information
On December 30, 2022, Fitzgibbon Hospital sent out data breach notification letters to all individuals whose information was compromised as a result of the attack
The hospital also filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights
Patients whose Social Security numbers were impacted were provided with complimentary credit monitoring services
The ransomware group responsible for the attack, identified as the Daixin Team, claimed to have exfiltrated 40 GB of data from the hospital’s systems. This included sensitive documents and database tables from the MEDITECH database, as well as information related to the hospital’s cybersecurity measures
Despite the hospital’s efforts to secure its systems and comply with privacy and security standards, the breach highlighted vulnerabilities in its cybersecurity defenses
In addition to the immediate impact on patient privacy and data security, the ransomware attack and subsequent data breach have broader implications for Fitzgibbon Hospital. The hospital is one of many rural hospitals in Missouri facing financial challenges, with a report indicating that Fitzgibbon Hospital is at risk of closure due to financial difficulties
This situation underscores the vulnerability of rural healthcare institutions to both cybersecurity threats and financial instability.