SPRINGFIELD, Ore. - A criminal cyber-attack by a foreign-based intruder in July obtained some personal data of patients of McKenzie-Willamette Center, the hospital said Tuesday.
The information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and Social Security numbers.
The data belongs to some patients who were seen by Heart Associates of Oregon, McKenzie Primary Care Associates and Summit Surgical Specialists affiliated with McKenzie-Willamette Medical Center over the past five years.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection," the hospital said in a statement.
McKenzie-Willamette believes the intruder was a foreign-based group out of China that was likely looking for intellectual property.
"The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks," the hospital said. "We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack."