Almost 54,000 Patients Affected by OSF HealthCare Ransomware Attack

The Peoria, IL-based not-for-profit catholic health system OSF HealthCare has started notifying 53,907 patients about a cyberattack that was discovered on April 23, 2021.

OSF HealthCare said upon discovery of the breach, steps were taken to prevent further unauthorized access and a third-party forensic investigator was engaged to conduct an investigation into the attack to determine the extent of the breach. The investigator confirmed the attackers first accessed its systems on March 7, 2021 and access remained possible until April 23, 2021.

OSF HealthCare said the attackers accessed certain files on its system that related to patients of OSF HealthCare Little Company of Mary Medical Center and OSF HealthCare Saint Paul Medical Center. On August 24 it was determined the following types of patient data may have been compromised:

Names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state/government ID numbers, treatment information, diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, and Medicare/Medicaid or other health insurance information. A subset of patients also had financial account information, credit/debit card information or credentials for an online financial account exposed.

Individuals whose Social Security number or driver’s license number was compromised in the attack have been offered complimentary credit monitoring and identity protection services through Experian. OSF HealthCare says it has implemented additional safeguards and technical security measures to prevent further attacks.

The substitute breach notice on the OSF HealthCare website makes no mention of the nature of the attack, but this appears to have been a ransomware attack involving data theft, with data potentially stolen 7 months ago. says it was alerted to the publication of stolen data on a dark web leak site in June and notified OSF HealthCare about the exposure of patient data. A ransomware operation known as Xing Team claimed responsibility for the attack and uploaded data to its dark web leak site that included patients’ protected health information. said “according to a counter on the site, the listing has been accessed more than 350,000 times.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.