Pierluigi Paganini February 07, 2025

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals.

The cyberattack that hit the infrastructure of the Hospital Sisters Health System (HSHS) in August 2023 impacted the personal information of 882,782 individuals.

The systems at the hospital were brought down by the attack starting on August 27, 2023, the healthcare organization confirmed that the security breach disrupted internal systems, some applications, communications, online payments, and the HSHS website. The outage of the impacted systems lasted several days.

HSHS immediately notified law enforcement and began an investigation into the cyber incident with the help of a leading forensic security firm. The investigation revealed that the threat actors breached the NSHS’s network from August 16 to 27, and gained access to multiple files containing personal information.

“On August 27, 2023, HSHS discovered an unauthorized third party gained temporary access to HSHS’s network. Upon learning of the situation, we immediately took steps to contain and remediate the incident and launched an internal investigation. We also reported the incident to law enforcement and engaged a leading forensic security firm to assist in our investigation and confirm the security of our computer systems and network. The forensic investigation determined that the unauthorized third party accessed certain files on our network between August 16 and August 27, 2023.” reads the data breach notification shared with the Maine Attorney General. “We have since been reviewing those files and notifying individuals whose information was found in the files on a rolling basis as our review has continued.”

The type of information exposed in the attack varied for each individual, it may have included names, addresses, dates of birth, medical record numbers, limited treatment information, health insurance information and Social Security numbers and/or driver’s license numbers.

The Hospital Sisters Health System pointed out that they have no reason to believe that compromised personal information has been misused for malicious purposes.

HSHS is offering free identity theft protection and credit monitoring to affected individuals.

In January 2025, another healthcare provider, the Community Health Center (CHC), revealed that a data breach impacted over 1 million patients in Connecticut.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Hospital Sisters Health System)