25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Eskenazi Health Confirms Patient Data Was Stolen in August Ransomware Attack

Posted By on Oct 7, 2021

Indianapolis, IN-based Eskenazi Health has announced it was the victim of a ransomware attack that was detected on or around August 4, 2021.

Suspicious activity was detected and the IT team immediately shut down systems to contain the attack. Emergency protocols were implemented, with staff reverting to pen and paper to record patient data. Without access to critical IT systems the decision was taken to go on diversion and ambulances were re-routed from Health & Hospital Corporation of Marion County to alternative facilities.

An investigation was launched to determine the nature and extent of the attack. Eskenazi Health said the forensic investigation determined the hackers had first gained access to its systems on May 19, 2021 and disabled its security systems to ensure their presence in the network was not detected. The intrusion was only detected when ransomware was deployed and files started to be encrypted.

The forensic investigators confirmed the attackers had been removed from its network and systems were secure. The initial investigation into the attack indicated patient information had not been accessed or stolen by the attackers. Eskenazi Health said it did not pay the ransom and was able to recover encrypted data from backups.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

On October 1, 2021, Eskenazi Health issued an update confirming new information had come to light confirming the gang behind the attack had exfiltrated files containing patient information from its systems. Some of those files have been posted on a dark web data leak site.

A review of the stolen data confirmed the files contained names, dates of birth, addresses, telephone numbers, email addresses, ages, driver’s license numbers, medical record numbers, passport numbers, Social Security numbers, face photographs, patient account numbers, credit card information, diagnoses, physician names, prescriptions, dates of service, health insurance information, and cause/date of death for deceased patients.

Notification letters are being sent to affected individuals and complimentary credit monitoring and identity theft protection services are being provided. The ransomware attack has been reported to the HHS’ Office for Civil Rights as affecting 1,515,918 individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist