Cyber Incident Victim: Sparta Community Hospital District

On March 28, 2023, the Sparta Community Hospital District in Illinois identified suspicious activity occurring within an employee email account, prompting the immediate launch of an internal investigation to determine the nature and scope of the incident. The subsequent forensic analysis revealed that an unauthorized individual, characterized as a hacker, had successfully gained access to the compromised email account. This access was not a prolonged campaign but a specific intrusion that occurred over a two-day period, beginning on March 27 and concluding on March 28, 2023. The investigation confirmed that the protected health information contained within the email account was the primary target and was exposed to the unauthorized party. The hospital district moved to secure the affected email account to prevent any further unauthorized access following the discovery of the breach.

The compromised email account contained a range of sensitive patient information, though the specific number of affected individuals was not publicly disclosed by the hospital. The data exposed included patient names, their physical addresses, phone numbers, and dates of birth. Furthermore, medical record numbers, the names of attending physicians, medical diagnosis information, and limited details regarding patient treatments were also accessed. The hospital explicitly stated that no financial information, such as credit card or bank account numbers, and no Social Security numbers were involved in this particular security incident. As part of its response, Sparta Community Hospital District took action to notify all individuals whose protected health information was contained within the breached email account, in accordance with regulatory requirements. The hospital’s public statement confirmed that the email account had been secured as a direct result of the incident.