OSF Healthcare in Illinois was attacked and data was exfiltrated from their systems by threat actor Xing Team.
Xing Team started dumping patients data which apparently belonged to 53,907 OSF patients.
The dumped data included patient names and contact information; dates of birth; Social Security numbers; driver’s license numbers; state or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information.
OSF Healthcare offered complimentary credit monitoring and identity protection services through Experian.
Source: https://www.databreaches.net/il-osf-healthcare-discloses-ransomware-incident/
TPRM report: https://scoringcyber.rankiteo.com/company/osf-healthcare
"id": "osf22412822",
"linkid": "osf-healthcare",
"type": "Ransomware",
"date": "10/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 53907,
'industry': 'Healthcare',
'location': 'Illinois',
'name': 'OSF Healthcare',
'type': 'Healthcare'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 53907,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['patient names',
'contact information',
'dates of birth',
'Social Security numbers',
'driver’s license numbers',
'state or government '
'identification numbers',
'treatment and diagnosis '
'information and codes',
'physician names',
'dates of service',
'hospital units',
'prescription information',
'medical record numbers',
'Medicare',
'Medicaid or other health '
'insurance information']},
'description': 'OSF Healthcare in Illinois was attacked and data was '
'exfiltrated from their systems by threat actor Xing Team. '
'Xing Team started dumping patients data which apparently '
'belonged to 53,907 OSF patients. The dumped data included '
'patient names and contact information; dates of birth; Social '
'Security numbers; driver’s license numbers; state or '
'government identification numbers; treatment and diagnosis '
'information and codes; physician names, dates of service, '
'hospital units, prescription information and medical record '
'numbers; and Medicare, Medicaid or other health insurance '
'information. OSF Healthcare offered complimentary credit '
'monitoring and identity protection services through Experian.',
'impact': {'data_compromised': ['patient names',
'contact information',
'dates of birth',
'Social Security numbers',
'driver’s license numbers',
'state or government identification numbers',
'treatment and diagnosis information and '
'codes',
'physician names',
'dates of service',
'hospital units',
'prescription information',
'medical record numbers',
'Medicare',
'Medicaid or other health insurance '
'information']},
'response': {'remediation_measures': ['Complimentary credit monitoring and '
'identity protection services'],
'third_party_assistance': 'Experian'},
'threat_actor': 'Xing Team',
'title': 'Data Exfiltration at OSF Healthcare',
'type': 'Data Breach'}