Cyber Incident Victim: Family Christian Health Center

Family Christian Health Center (FCHC), a Harvey, Illinois-based Federally Qualified Health Center (FQHC), experienced a ransomware attack that compromised protected health information (PHI) of approximately 31,000 individuals. The incident occurred on or around November 18, 2021, though public notification occurred months later in February 2022. Attackers gained unauthorized access to systems containing patient names, dates of birth, physical addresses, and health insurance information. The breach impacted two distinct patient groups: dental patients who received services prior to August 31, 2020, and non-dental patients treated between December 5, 2016, and August 31, 2020. No explicit evidence indicates whether data encryption or data exfiltration occurred during the ransomware incident. The organization did not disclose initial detection methods or whether ransom demands were made by attackers.

FCHC responded by engaging a digital forensics consulting firm to investigate the breach scope and assist with remediation efforts. Security enhancements were implemented across network infrastructure, though specific technical controls beyond basic ransomware protections were not detailed in public disclosures. The health center issued breach notifications to affected patients in compliance with HIPAA requirements, but did not publicly confirm whether complimentary identity monitoring services were offered as part of remediation. Operational impacts included temporary disruption to systems during containment activities, though the duration of downtime and specific affected clinical systems remained undisclosed. The incident represented one of two major healthcare breaches disclosed simultaneously in Illinois during February 2022, collectively affecting nearly 200,000 patients across both organizations.