Cyber Incident Victim: Roper St. Francis Healthcare
Date:
Jun 2020
Location:
United States of America
Summary
Roper St. Francis Hospital reported that approximately 6,000 patients had their personal and medical information compromised after attackers gained access through an employee's email. The exposed data included names, birth dates, detailed medical records, insurance information, and Social Security numbers. The breach was discovered after the unauthorized access occurred, and a toll‑free hotline was made available for affected individuals to inquire about their data. Officials noted that healthcare data is highly valuable on the black market, often fetching far more than credit card details.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 13, 2020, attackers gained access to the email system of an employee at Roper St. Francis Hospital in Charleston, South Carolina, and maintained unauthorized entry until June 17, 2020. During this window, they exfiltrated a range of personal and health information from the hospital’s networks. The intrusion remained undetected until July 8, 2020, when hospital officials identified the breach and began an internal investigation. According to the hospital’s statement, the compromised data included patients’ names, birth dates, detailed medical records, insurance information, and Social Security numbers. The breach was attributed to a phishing or credential‑theft vector that exploited the employee’s email account.

Approximately 6,000 patients were confirmed to have had their information exposed, although the hospital noted that not all of its patient base was affected. The stolen records are described as highly valuable on the illicit market, with individual medical files potentially fetching up to $1,000 each. The breach was publicly disclosed in a Bitdefender blog post dated July 8, 2020. To assist affected individuals, Roper St. Francis Hospital established a toll‑free information line at 1‑888‑498‑0916, which became operational on September 4, 2020, allowing patients to inquire whether their data was part of the breach. The hospital communicated that individuals could call this line to obtain details about the specific information that may have been compromised and to receive guidance on next steps.
