Cyber Incident Victim: 90 Degree Benefits
Date: Mar 2022
Location: United States of America
Summary
Baptist Medical Center and Resolute Health Hospital experienced a malicious code infection on their network, leading to potential unauthorized access and data exfiltration. The incident prompted immediate suspension of user access and implementation of cybersecurity protocols to contain the breach. Compromised information included patient demographics, Social Security numbers, health insurance details, medical diagnoses, treatment dates, and billing records. The organization engaged forensic investigators, notified law enforcement, and initiated remediation efforts to secure systems and prevent further unauthorized activity following the discovery of the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 20, 2022, Baptist Medical Center and Resolute Health Hospital, both operated by Baptist Health System in Texas, detected suspicious network activity indicating a potential security incident. The organizations responded by immediately suspending user access to affected systems and activating extensive cybersecurity protection protocols to contain the threat. A subsequent forensic investigation determined that an unauthorized third party had infiltrated portions of the hospitals' network infrastructure and maintained persistent access between March 31 and April 24, 2022. During this 25-day period, the attacker executed malicious code that enabled data exfiltration from hospital systems. Law enforcement agencies were promptly notified of the intrusion, though the specific attack vector and identity of the threat actor remained undisclosed. The breach timeline suggests the malicious activity began nearly three weeks before detection, with the attackers operating undetected until internal monitoring systems flagged anomalous behavior.

The compromised systems contained protected health information (PHI) belonging to an undisclosed number of patients, including demographic details, Social Security numbers, health insurance policy information, medical record numbers, diagnosis codes, dates of medical service, and billing/claims data. Baptist Health System initiated direct notifications to affected individuals following confirmation of the data exposure but did not publicly specify the total number of impacted patients or whether any data misuse had occurred. Remediation efforts focused on enhancing network security controls, implementing additional monitoring safeguards, and collaborating with digital forensics specialists to analyze the attack methodology. The hospitals emphasized their commitment to information security in official communications while refraining from disclosing technical specifics about the malware employed or whether ransomware encryption was involved in the incident. No service disruptions or clinical care impacts were reported as a direct consequence of the cybersecurity event.
