Cyber Incident Victim: Bon Secours St. Francis Health System

The data breach at Roper St. Francis Hospital (RSFH) in Charleston, South Carolina, was discovered on July 8, 2020, following unauthorized access to an employee’s email account between June 13 and June 17, 2020. An unknown attacker exploited this email compromise to steal medical records and personal information belonging to 6,000 patients. Hospital officials confirmed the intrusion occurred over a five-day period but provided no technical details regarding the initial attack vector or how the email account was compromised. The breach remained undetected for approximately three weeks until the hospital’s investigation uncovered the unauthorized access. No information was disclosed about whether multi-factor authentication or other security measures were in place on the compromised account. The hospital did not specify whether the breach involved malware, phishing, or credential theft, nor did it identify any third-party vendors or systems beyond the employee email account.

Stolen data included patient names, birth dates, detailed medical records, insurance information, and Social Security numbers. RSFH established a toll-free call center (1-888-498-0916) operational from September 4, 2020, allowing patients to verify if their data was compromised. The hospital did not disclose whether ransomware was involved, whether data was exfiltrated or merely accessed, or if attackers made any ransom demands. No evidence suggested public release or misuse of the stolen data at the time of reporting. Impacted individuals received no details about complimentary credit monitoring or identity theft protection services. The breach exposed systemic vulnerabilities in healthcare data security, given the high black-market value of medical records compared to financial data, though the hospital did not quantify financial losses or regulatory penalties arising from the incident.