Cyber Incident Victim: Saint Francis Health System

On March 20, 2015, Saint Francis Health System discovered that an unauthorized individual had remotely installed malware on the point-of-sale device in the gift shop at Saint Francis Hospital in Tulsa, Oklahoma. The malware was designed to search for and capture payment card data processed through the gift shop's payment system. Forensic analysis determined the malware operated between March 5, 2015, and March 17, 2015—a 13-day window of compromise. During this period, the malware targeted cardholder names, payment card numbers, expiration dates, and verification codes as transactions were routed through the infected device. The health system did not specify how many payment cards were potentially affected but confirmed the breach exclusively impacted customers who made purchases at the hospital gift shop during those dates. No other systems or facilities within Saint Francis Health System were compromised.

Saint Francis immediately initiated an investigation upon detecting the malware and engaged a leading computer forensic firm to examine the gift shop's payment infrastructure. The investigation confirmed the malware's limited operational timeframe and data collection scope. Affected individuals were advised to review their payment card statements for unauthorized charges and contact their issuing banks to report discrepancies, with reassurance that major card networks typically shield customers from fraudulent liability. The health system emphasized its commitment to protecting personal information through its public statement but did not disclose technical details about malware removal, system hardening measures, or whether law enforcement was notified. As a not-for-profit healthcare provider serving northeastern Oklahoma with approximately 7,000 employees, Saint Francis framed its response within its Christ-centered mission while maintaining operational focus on patient care beyond the gift shop incident.