
Cyber Incident Victim: Bon Secours St. Francis Health System

Date: Nov 2018

Location: United States of America

Summary

A healthcare provider experienced a security incident where employees succumbed to a phishing attack, enabling unauthorized access to multiple staff email accounts over a multi-week period. The organization secured the compromised accounts promptly upon discovery and initiated an investigation, which determined that patient information may have been exposed. Impacted individuals received notification letters and were offered access to a dedicated support call center. Reports indicated approximately 13 employees were affected by the phishing scheme, though this figure remains unverified in available sources.

Description

On November 30, 2018, Roper St. Francis Health System discovered that unauthorized actors may have accessed several employee email accounts due to a phishing attack. The compromise occurred between November 15 and December 1, 2018, though the exact entry mechanism wasn't disclosed in public notifications. Upon identifying the breach, the organization immediately secured the affected email accounts to prevent further unauthorized access. An investigation was launched to determine the scope and nature of the incident, though the specific forensic methods or third-party involvement weren't detailed in their public statement. The health system did not initially disclose how many email accounts were compromised or what specific patient data might have been exposed through these accounts.

The health system began mailing notification letters to affected patients on January 25, 2019, nearly two months after discovering the breach, suggesting the investigation required substantial time to assess potential impacts. A dedicated call center was established to handle patient inquiries about the incident, though the notification did not specify whether credit monitoring or identity protection services were offered. Public reporting by third-party outlets suggested approximately 13 employees fell victim to the phishing campaign, but Roper St. Francis did not confirm this figure in their official notice. The organization published a formal disclosure on its website on January 29, 2019, confirming the incident timeline and response actions without elaborating on technical safeguards implemented post-breach. No ransomware deployment or data extortion demands were mentioned in available reports, indicating the incident was limited to email account infiltration.
