FARGO — Sanford Health sustained an attempted "cyber security incident" and is working to contain its impact, the health care provider's top executive said Wednesday, Aug. 4.
"Sanford Health has experienced an attempted cyber security incident, and we are taking aggressive measures to contain the impact," Sanford president and CEO Bill Gassen said in a statement. "Providing patients with exceptional care is our top priority, and we are doing everything possible to minimize disruption."
So far, Sanford officials believe that no personal or financial information has been compromised, but the investigation continues, Gassen said.
"At this time, no known patient, resident or employee personal or financial information has been compromised," he said. "We have engaged leading IT security experts to assist in the response, and have notified and will be working closely with federal authorities."
Beyond Gassen's statement, Sanford is not providing any other information on the incident.
A survey of more than 150 hospitals, concluded that the main motivations behind cyberattacks on hospitals are medical identity theft, theft and sale of stolen hospital information on the black market and even unauthorized access and theft of patient information.
The survey was by Healthcare Information and Management Systems Society, which reported in April 2020 that cyber threats to health systems include remote access trojans, ransomware and credential stealing malware.
Hospitals and health systems are frequent targets of cyber attacks, according to the Center for Internet Security.
"The healthcare industry is plagued by a myriad of cybersecurity-related issues," the center's website reports. "These issues range from malware that compromises the integrity of systems and privacy of patients, to distributed denial of service ... attacks that disrupt facilities’ ability to provide patient care."
Herjavec Group, a cybersecurity firm, reported that ransomware attacks on health care organizations were predicted to quintuple by 2021.
The U.S. Department of Health and Human Services listed 592 breaches of unsecured, protected health information affecting 500 or more people, according to Herjavec Group's 2020-2021 Healthcare Cybersecurity report.
Sanford's primary service area covers North Dakota, South Dakota and Minnesota. The health system has 46 hospitals, 224 clinics, 233 senior living communities, 158 skilled nursing and rehabilitation facilities and 47,757 employees.