Menu
Browse

Cyber Incident Victim: Roper St. Francis Healthcare

Date:

Nov 2018

Location:

United States of America

Summary

Roper St. Francis Healthcare discovered that an unauthorized actor may have accessed some employees' email accounts after those employees fell for a phishing attack. The organization secured the compromised accounts, launched an investigation, and began notifying affected patients by mail while setting up a dedicated call center for inquiries. Reports indicate that approximately thirteen employees were involved in the phishing incident, although the source of that figure is not cited.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On November 30, 2018, Roper St. Francis Healthcare learned that an unauthorized actor may have gained access to some employees’ email accounts between November 15 and December 1, 2018. Upon discovery, the organization immediately took steps to secure the compromised email accounts and launched an investigation to determine the scope of the intrusion. The investigation focused on identifying what information might have been exposed and whether any patient data had been accessed or exfiltrated. No further details about the attacker’s methods or motives were disclosed in the notice. The organization emphasized that it acted promptly to mitigate any ongoing risk associated with the breach.

Cyber Incident Image

Beginning on January 25, 2019, Roper St. Francis started mailing letters to patients whose information could have been affected by the incident. Alongside the mailing effort, the organization established a dedicated call center to answer questions and provide assistance to concerned individuals. The notice posted on the organization’s website on January 29 explained that the communication was intended to inform patients about a potential exposure of their personal information. The notice did not specify the exact types of data that may have been compromised, nor did it provide numbers of affected patients or employees. The call center remained operational to support patients seeking clarification or guidance related to the notice.

The incident prompted a formal notification process consistent with applicable breach disclosure requirements, and the organization maintained that it had taken appropriate remedial actions to secure its email environment. No additional technical details about the email system, the nature of the unauthorized access, or any subsequent forensic findings were included in the public notice. The narrative presented here reflects only the facts explicitly stated in the source material.

Sources
Sources available to members
1 source