107,054 Patients Affected by Ferguson Medical Group Data Breach

In late 2019, Ferguson Medical Group was hit with a ransomware attack, resulting in the encryption of all data contained on the medical group’s network up until Dec. 31, 2018.

Patient Data Compromised in Ferguson Medical Group Ransomware Attack

Missouri-based Ferguson Medical Group was targeted by ransomware hackers in late 2019. The ransomware infected the computer network used by the group, encrypting medical files and other data. All data saved on the network prior to the beginning of 2019 was affected by the ransomware.

After Ferguson Medical Group was acquired by Saint Francis Health in early 2019, officials were asked to pay a ransom to the hackers in order to regain access to the data. However, Saint Francis officials partnered with law enforcement and took steps to secure the network without paying the ransom. Instead, the medical group used backup files to restore their network. Unfortunately, not all of the files were able to be restored. According to medical center officials, all records from Sept. 20, 2018 through Dec. 31, 2018 were permanently lost due to the data breach.

Although the data was seized and encrypted by the ransomware, Saint Francis officials believe that no sensitive patient information was accessed by the hackers. According to a statement released by the medical group, “Saint Francis does not believe that this incident resulted in the disclosure of any patient information to any unauthorized third parties. There is no indication that patient information has been or will be used inappropriately.”

As many as 107,054 patients may have been affected by the Ferguson Medical Group data breach. Patients who were affected by the breach will receive free credit monitoring services from the medical center.

Hospital Ransomware and Patient Information Breaches

Hospitals that have been affected by ransomware attacks may lose services including access to appointment schedules and access to patient records. While some medical centers have agreed to pay large financial ransoms to the hackers holding their data hostage, many other medical centers have refused to pay ransoms and have had to rely on paper files or other systems while their networks are being restored. Additionally, patients whose data has been encrypted by ransomware may lose access to their medical records and medical history.

Although in many cases of hospital ransomware attacks, patient information is believed to have only been encrypted rather than accessed by the hackers, it is unknown how often this data is able to be interpreted by ransomware thieves. Patient information that may be compromised by hospital data breaches includes Social Security numbers, full names, addresses, medical records including medication history, diagnoses, scans, and treatments, and other sensitive medical, personal, and financial information. If ransomware hackers are able to access this information, it could lead to negative consequences for patients including identity theft, blackmail, financial exploitation, and more.

If you were a patient at Ferguson Medical Group or another medical center affected by ransomware attacks, you may be eligible to hire a qualified attorney and join a class action lawsuit or investigation into these data breaches.

This article is not legal advice. It is presented
for informational purposes only.