Columbus healthcare provider: we were hacked

A US emergency healthcare provider has finally broken its silence and confirmed rumors of a suspected data breach that occurred last year, exposing thousands of clients.

Columbus Regional Healthcare, based in North Carolina, filed a report with the attorney general in Maine stating that more than 132,000 people were affected by a data breach last May.

Patient names and Social Security numbers were exposed as a result of “unauthorized access” to the non-profit healthcare provider’s computer network between May 19th and 21st, said Columbus.

It claims it did not confirm the breach and its extent until December, though reports were circulating as far back as June, with the Daixin ransomware gang claiming the attack and saying it would make good on threats to publish stolen data after payment demands were not met.

According to those reports, Columbus was initially willing to negotiate but could not come up with the $2 million demanded by Daixin. It should be stressed that such accounts amount to hearsay and have not been confirmed by the healthcare company.

In a letter of apology sent on January 19th to residents of Maine, which imposes strict reporting requirements on organizations suffering cyberattacks that affect its residents, Columbus says that it’s “not aware of any reports of identity fraud or improper use of your information as a direct result of this incident.”

Columbus is described as an acute care hospital with more than 150 beds that provides cost-effective emergency services on a not-for-profit basis.