
Cyber Incident Victim: DialAmerica

Date: Feb 2021

Location: United States of America

Summary

Baptist Health System hospitals experienced a cybersecurity incident involving malicious code that potentially exposed protected health information. Unauthorized third-party access led to data removal from their network, compromising patient demographics, Social Security numbers, health insurance details, medical records, diagnoses, and billing information. The facilities promptly suspended user access, launched an investigation, contacted law enforcement, and implemented enhanced security measures to prevent future incidents.


Description

On April 20, 2022, Baptist Medical Center and Resolute Health Hospital, both operated by Baptist Health System in Texas, detected suspicious network activity indicative of unauthorized access. The hospitals promptly suspended user access to their systems and activated extensive cybersecurity protection protocols to contain the threat. A forensic investigation was immediately launched to determine the scope and nature of the incident, with law enforcement notified of the breach. The investigation revealed that an unidentified third party had infiltrated hospital networks between March 31 and April 24, 2022, deploying malicious code and exfiltrating data from compromised systems. The unauthorized access period spanned nearly four weeks before detection, during which attackers removed sensitive information from the network.


The compromised data included protected health information (PHI) such as patient names, Social Security numbers, health insurance details, medical record numbers, diagnoses, dates of service, and billing and claims information. While the exact number of affected individuals was not disclosed, the hospitals notified all potentially impacted patients of the exposure. In response to the incident, the organization enhanced its security and monitoring capabilities, hardening systems to reduce future risks. Remediation efforts focused on mitigating the breach’s effects and preventing similar incidents, though no specific technical details about the malicious code or attacker methodologies were publicly released. The hospitals emphasized their commitment to securing personal information through operational changes and infrastructure improvements following the investigation.
