Cyber Incident Victim: Roper St. Francis Healthcare
Date:
Jun 2020
Location:
United States of America
Summary
Roper St. Francis Hospital reported that approximately 6,000 patients had their personal and medical information compromised after attackers gained access through an employee’s email. The compromised data included names, birth dates, detailed medical records, insurance information and Social Security numbers. The breach was discovered after the intrusion period, and a toll‑free call center was made available for affected individuals to inquire about their data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Roper St. Francis Hospital reported that a data breach affected approximately 6,000 patients. The breach occurred between June 13 and June 17, 2020. Hospital officials discovered the breach on July 8, 2020. The attacker gained access through an employee’s email account. The identity of the attacker remains unknown. The incident took place at the facility located in Charleston, South Carolina. The compromised data included patients’ names, birth dates, detailed medical records, insurance information, and Social Security numbers. Not every patient of Roper St. Francis Hospital was impacted by the breach. The hospital stated that individuals could determine whether their information was exposed. A dedicated toll‑free call center was made available for patients to inquire about their status.

The call center began operations on September 4, 2020, and could be reached at 1-888-498-0916. Patients calling the line could receive information about whether their personal data had been accessed. The stolen medical records are considered highly valuable on the illicit market. According to the report, such records can be worth up to fifty times more than credit‑card information. Individual records have been known to sell for as much as one thousand dollars each. The hospital disclosed the breach publicly on July 8, 2020, the same day it was discovered. No further technical details about the attacker’s methods beyond the email compromise were provided in the source. The article does not describe any specific containment steps taken by the hospital beyond the public notification. The breach highlights the attractiveness of healthcare data to cybercriminals. The information presented is limited to what was published in the article.
