Eskenazi Health now says some patient, employee information stolen in cyber attack

SHARI RUDAVSKY | Indianapolis Star
Show Caption
After first saying that no personal information was compromised in a ransomware attack earlier this summer, Eskenazi Health officials announced Friday that some information from patients and employees was stolen and released on the dark web.

The hospital will send a letter to all individuals impacted, detailing what types of information the cybercriminals obtained. This information includes names, dates of birth, ages, addresses, telephone numbers, driver’s license numbers, passport numbers, photos, social security numbers and credit card information.

In some cases, medical information such as patients’ diagnosis, physician’s name, prescriptions, and insurance information was also compromised, as was cause and date of death for some patients who are now deceased.

Fresh for You Market: Why Eskenazi Hospital is opening a food market

Eskenazi officials discovered the attack on Aug. 4, when they saw suspicious activity on their network and immediately shut down the network to protect the information. The ransomware attack led the hospital to go on diversion, turning away ambulances, for several days in early August.


A further investigation determined that “sophisticated cybercriminals” had gained access to the network on May 19, hospital officials said in a press release. The criminals also disabled the security protections, hiding their activity until the cyberattack launched.

Eskenazi Health did not make any ransom payments to the criminals, hospital officials said in the email.

More: Don't put yourself or your baby at risk: Why pregnant women need COVID-19 vaccine


The hospital has set up a call center to answer additional questions. Callers should dial (855) 896-4446 and use Engagement Number B019316 when speaking with a representative.

Those who have been impacted will also receive information on enrolling in identify theft protection programs. The hospital has also set up a website about the incident, which can be found at eskenazihealth.edu/cyber-incident.