25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Betty Jean Kerr People’s Health Centers Ransomware Attack Impacts 152,000 Patients

Posted By on Oct 28, 2019

St Louis, MO-based Betty Jean Kerr People’s Health Centers experienced a ransomware attack on September 2, 2019 that prevented staff at its health centers from accessing certain types of patient, provider, and employee information.

The security incident was detected on September 3 and law enforcement was notified. A ransom demand was received, but the decision was taken not to pay. A third-party IT firm was engaged to assist with recovery, but it has not been possible to recover the encrypted data. The encrypted data is considered to have been permanently lost, unless a decryptor is developed by security researchers that allows files to be recovered. No mention has been made about the type of ransomware used in the attack and if backup files were also encrypted in the attack.

The investigation revealed the following types of information had been encrypted in the attack: Patient names, addresses, dates of birth, Social Security numbers, pharmacy data, health insurance information, dental x-rays, and a limited amount of clinical data. Affected patients had received medical services at Betty Jean Kerr People’s Health Centers between 2011 and September 2, 2019. The attack did not affect its electronic medical record system.

Healthcare providers affected by the breach had sought to be credentialed by People’s Health Centers between 2010 and September 2019. Names, addresses, and Social Security numbers provided by those healthcare organizations were also encrypted, as were the names, addresses, and Social Security numbers of individuals employed by People’s Health Centers between 2012 and September 2, 2019.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

People’s Health Centers has confirmed that patient data, provider data, and employee information was encrypted, but it was not possible to determine whether the attackers accessed or copied any data during the attack. The individual(s) responsible for the attack is believed to be based outside the United States.

In total, up to 152,000 individuals have had their sensitive data exposed. People’s Health Centers is offering 12 months of free credit monitoring services to individuals affected by the breach.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist