HQ/EMEAFind out how we can help your business
Anna Jaques Hospital, a community healthcare provider in Massachusetts, has disclosed that a ransomware attack on Christmas Day 2023 resulted in the exposure of sensitive data belonging to more than 310,000 patients.
The hospital, recognised for its high-quality care and surgical expertise, serves as a vital healthcare provider for the Merrimack Valley, North Shore, and southern New Hampshire regions. With 83 beds, 200 physicians, and 1,200 staff members, Anna Jaques plays a significant role in supporting the health and well-being of the local population.
The cyberattack, attributed to the ‘Money Message’ ransomware group, disrupted hospital systems during the holiday period. Immediate actions were taken to mitigate the damage, including disconnecting affected systems, and notifying law enforcement. However, on January 19, 2024, the attackers publicly demanded ransom, threatening to release stolen patient data unless their demands were met.
Anna Jaques Hospital revealed a breach impacting 316,342 individuals after data was published on the dark web.
By January 26, after the hospital chose not to negotiate with the threat actors, all compromised data was published on the dark web. A detailed forensic investigation, which required an extensive manual review of documents, concluded on November 5, 2024. The findings confirmed that the breach impacted 316,342 individuals.
The exposed data includes personal demographic details, medical records, health insurance information, Social Security numbers, driver’s licence numbers, financial details, and other sensitive health-related information. Despite the seriousness of the breach, Anna Jaques has reported no evidence of fraudulent activity resulting from the incident.
In response, the hospital began notifying affected individuals on December 5, 2024. Those impacted have been offered 24 months of identity protection and credit monitoring services via Experian and 1B. Additionally, Anna Jaques has urged patients and employees to remain vigilant, advising them to regularly review financial account statements and consider placing fraud alerts or security freezes on their credit files.
This breach highlights the growing threat of ransomware attacks targeting the healthcare sector, where patient data is both sensitive and invaluable. Organisations find it challenging to balance long-term data protection strategies with immediate crisis responses. Anna Jaques Hospital’s response to the issue shows this challenge, including its considerable notification efforts and refusal to engage with hackers.
As healthcare providers continue to be prime targets for cyberattacks, strong cybersecurity frameworks and proactive monitoring remain essential to protecting patient information against similar incidents.
