Tulsa, Okla.-based Saint Francis Health System is opting not to pay a ransom demand to protect information of 6,000 patients obtained by a hacker, because paying doesn't guarantee the data won't be disclosed, Tulsa World reports.
DataBreaches.net reports the hackers initially asked for 24 bitcoin, which the site reports is equivalent to about $14,400.
"The health system understands the importance of protecting our patients' information and deeply regrets that this occurred," reads a statement from the hospital. "Saint Francis has been working with a leading forensics firm to investigate this incident and look for ways to enhance our existing security measures."
According to reports, the system was notified of the breach due to unauthorized access of an external server on Sept. 7. A hospital spokesperson said the compromised data is limited to 6,000 patient names and addresses. The health system is sending notification letters to individuals who may be impacted and providing identity monitoring services.
Initially, someone using the moniker TheDarkOverlord, a hacker or hacking collective responsible for numerous significant hospital data breaches of late, claimed responsibility for the Saint Francis cyberattack, according to DataBreaches.net. However, in subsequent reports, the authenticity of the bad actors that used TheDarkOverlord's name to take credit has been called into question. Sources within the hacking community told DataBreaches.net TheDarkOverlord is in fact not responsible for the Saint Francis Health System breach.