Patient data from St. Alphonsus may have been stolen in a cyberattack that happened earlier this year.
St. Alphonsus' parent company Trinity Health confirmed the data breach through a third-party service provider Blackbaud. The cyberattack in May reportedly impacted more than 25,000 organizations across the world, according to a news release from Trinity Health.
The ransomware attack was discovered and a security team, which included law enforcement and independent forensics experts, prevented the attacker from fully blocking the system and encrypting files, according to a news release from Blackbaud.
However, prior to removing the attacker, a copy of a subset of data was removed from the self-hosted environment. No credit card, bank account or social security information was accessed, according to Blackbaud.
The company then paid the cyber attackers demand upon confirming the stolen information was destroyed, according to Blackbaud. Based on several investigations, there is no reason to believe the information went beyond the cybercriminal or was misused, according to Blackbaud.
Anyone who may have been impacted by the breach has been notified.
Both Blackbaud and Trinity Health are conducting an investigation into the incident, according to Trinity Health.
For more information on the breach and what to do if you were impacted, go to Trinity Health.