Around 54,000 Patients Affected by Ransomware Attack at OSF HealthCare

The not-for-profit Catholic health system located in Peoria, IL, OSF HealthCare, began informing 53,907 patients regarding a cyberattack that was uncovered on April 23, 2021.

OSF HealthCare mentioned upon knowledge of the breach, it took steps to avert further unauthorized access and called in a third-party forensic examiner to perform an inquiry into the attack to identify the scope of the breach. The investigator established the attackers accessed its systems first on March 7, 2021 and likely had ongoing access up to April 23, 2021.

OSF HealthCare explained the attackers accessed selected files on its system that were linked to patients at OSF HealthCare Little Company of Mary Medical Center and OSF Healthcare Saint Paul Medical Center and OSD Healthcare Little Company Of Mary Medical Center. As of August 24, the investigators affirmed that these types of patient data could possibly have been compromised:

Names, contact data, dates of birth, driver’s license numbers, State/government Id Numbers Social Security Numbers, treatment data, diagnosis details and codes, doctor names, hospital units, dates of service, prescription details, medical record numbers, and Medicaid/Medicare or other medical insurance data. A subgroup of patients likewise had financial account details, credit/debit card data, or credentials for a web-based financial account breached.

Persons who had their Driver’s License Number Or Social Security Number was breached in the attack were given free credit monitoring and identity protection services by Experian. OSF HealthCare claims it has put in place more safety measures and technical security procedures to stop more attacks.

OSF HealthCare posted a substitute breach notice on its web page, which didn’t talk about the nature of the cyberattack. However, this looks like a ransomware attack and data theft that possibly took place 7 months in the past. states that it was notified concerning the exposure of stolen records on a dark web leak webpage in June and informed OSF HealthCare concerning the patient data exposure. A ransomware operation identified as Xing Team stated it was accountable for the attack and published information to its dark web leak page that enclosed patients’ PHI. reported that the site listing was viewed over 350,000 times, as per the site counter.