In August 2023, a significant cyberattack on the Hospital Sisters Health System (HSHS) compromised the personal data of 882,782 individuals. This breach disrupted internal systems, applications, communications, online payments, and the HSHS website.

Details of the Cyberattack

The attack began on August 27, 2023, causing a prolonged outage of several critical systems. HSHS confirmed that the breach affected their network from August 16 to 27, allowing unauthorized access to sensitive files.

Investigation and Response

Upon discovering the breach, HSHS promptly involved law enforcement and initiated an investigation with a top forensic security firm. The investigation confirmed that threat actors accessed files containing personal information during the breach period.

Exposed Information

The data compromised in this incident varied among individuals and included:

  • Names and addresses
  • Dates of birth
  • Medical record numbers
  • Limited treatment information
  • Health insurance details
  • Social Security and/or driver’s license numbers

HSHS has stated there is no evidence that the exposed information has been misused maliciously.

Protective Measures and Recommendations

To mitigate potential risks, HSHS is offering free identity theft protection and credit monitoring services to those affected by the breach. It is recommended that individuals remain vigilant and monitor their accounts for any suspicious activity.

Data breaches in the healthcare sector are becoming increasingly common, as evidenced by a similar incident in January 2025, where the Community Health Center (CHC) reported a breach affecting over 1 million patients in Connecticut.

Learn more about protecting your personal information in our Research section.

The link has been copied!