St. Anthony Hospital

A data breach at St. Anthony Hospital exposed the personal information of patients, staff, and others after an unauthorized actor accessed a small number of employee accounts in February. The compromised data may include highly sensitive details such as names, addresses, dates of birth, Social Security numbers, medical record numbers, patient account numbers, prescription information, and medical histories. While the hospital has not yet confirmed any misuse of the data or reports of identity theft, the potential exposure poses significant risks, including fraud and financial harm. The hospital has engaged an external cybersecurity firm to investigate and has advised affected individuals to monitor their financial accounts and credit reports for suspicious activity. Preventative measures, such as placing fraud alerts or security freezes, have been recommended. The breach underscores vulnerabilities in safeguarding both patient and employee data within healthcare systems, raising concerns about long-term trust and operational integrity.

Source: https://chicago.suntimes.com/health/2025/11/19/st-anthony-hospital-data-breach-potentially-exposed-staff-patients

Bon Secours Charity Health System, Inc. cybersecurity rating report: https://www.rankiteo.com/company/bon-secours-charity-health-system-inc-

"id": "BON4302043112025",
"linkid": "bon-secours-charity-health-system-inc-",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Small number (exact count '
                                              'undisclosed)',
                        'industry': 'Healthcare',
                        'location': '2875 W. 19th St. (likely Chicago, IL, '
                                    'USA)',
                        'name': 'St. Anthony Hospital',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Patients advised to monitor accounts and place fraud '
                        'alerts/security freezes. Helpline provided for '
                        'inquiries (877-580-4384, 8 AM–5 PM, Mon–Fri).',
 'data_breach': {'number_of_records_exposed': 'Small number (exact count '
                                              'undisclosed)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes SSNs, medical records, '
                                        'and prescription data)',
                 'type_of_data_compromised': ['Personal information',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2024-02',
 'description': 'A data breach at St. Anthony Hospital potentially exposed the '
                'personal information of patients, staff, and others. In '
                "February, the hospital discovered that a 'small number' of "
                'employee accounts had been accessed by an unauthorized actor. '
                'An investigation was launched with an outside cybersecurity '
                'firm. While no evidence of data misuse, identity theft, or '
                'fraud has been reported, the compromised data may include '
                'names, addresses, dates of birth, Social Security numbers, '
                'medical record numbers, patient account numbers, prescription '
                'information, and medical history. The hospital has not yet '
                'notified affected individuals but will do so if personal '
                'information is confirmed compromised. Patients are advised to '
                'monitor financial accounts and place fraud alerts or security '
                'freezes on their credit files.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive patient and '
                                       'staff data',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Social Security numbers',
                                 'Medical record numbers',
                                 'Patient account numbers',
                                 'Prescription information',
                                 'Medical history'],
            'identity_theft_risk': 'Potential risk (no confirmed cases '
                                   'reported)'},
 'initial_access_broker': {'entry_point': 'Compromised employee accounts'},
 'investigation_status': 'Ongoing (external cybersecurity firm involved)',
 'recommendations': ['Place fraud alerts or security freezes on credit files',
                     'Monitor financial account statements and credit reports '
                     'regularly for irregular activity'],
 'references': [{'source': 'St. Anthony Hospital Public Statement'}],
 'response': {'communication_strategy': 'Public statement released; dedicated '
                                        'helpline (877-580-4384) established '
                                        'for inquiries. Affected individuals '
                                        'to be notified if data compromise is '
                                        'confirmed.',
              'incident_response_plan_activated': True,
              'third_party_assistance': 'Outside cybersecurity firm engaged '
                                        'for investigation'},
 'threat_actor': 'Unauthorized actor',
 'title': 'Data Breach at St. Anthony Hospital Exposes Patient and Staff '
          'Information',
 'type': 'Data Breach'}