TULSA, Okla. — Quick Facts:
- St. Francis learned someone hacked into their system on Sept. 7
- Health system got demand for payment to recover the hacked information
- St. Francis officials contacted law enforcement authorities to proceed
- Working with forensics firms to investigate and enhance security
- Notification letters will be sent to the 6000 individuals affected
- St. Francis says only names and addresses were taken, not social security numbers
Here is the full statement from St. Francis:
"Saint Francis Health System was notified on September 7, 2016 about an unauthorized external access of a server which led the extraction of some patient data and an anonymous demand for payment to recover the information. Saint Francis immediately began to investigate and disabled the server. After notifying and discussing this matter with law enforcement, Saint Francis decided not to act on the demand because payment does not guarantee or prevent data from being disclosed. The health system understands the importance of protecting our patients’ information, and deeply regrets that this occurred.
Saint Francis has also been working with a leading forensics firm to investigate this incident and look for ways to enhance our existing security measures. Notification letters are being mailed to those individuals who may have been affected and complimentary participation in identity monitoring service is provided."
© 2020 Cox Media Group