Data Breach At Capital Health Exposes Patient Personal And Health Information

☑ Capital Health patients warned about data breach

☑ Sensitive personal information may have been compromised

☑ Hospital officials announce free credit monitoring

Officials at Mercer County based Capital Health are admitting to a large data breach and advising patients that sensitive personal data and health information may have been compromised.

Capital Health operates two hospitals in Mercer County: Capital Health Medical Center Hopewell in Pennington and Capital Health Regional Medical Center in Trenton.

In a statement, Capital Health said their investigation into the incident is ongoing, however, "Our investigation determined that an unauthorized actor gained access to certain of our systems from November 11 - 26, 2023."

Capital Health Medical Center Hopewell (Capital Health Medical Center Hopewell)

Officials said names, addresses, social security numbers, dates of birth, email addresses, telephone numbers may have been compromised as well as what they termed "potentially clinical information."

The statement said the investigation had not uncovered any evidence patient information has been misused, but, "Out of an abundance of caution, and in accordance with applicable law, we are providing this notice to you so that you can take steps to minimize the risk that your information will be misused."

Credit monitoring is being offered

A message to patients on the Capital Health website urged people "remain vigilant" and take steps to avoid identity theft, including requesting a copy of your credit report.

Capital Health offered an apology for the breach and offered free credit monitoring "to help mitigate any potential for harm."

According to the website: Beginning Friday, February 2, 2024, individuals may contact IDX with any questions and to enroll in identity protection services at no cost by calling 888-906-4476. IDX representatives are available Monday through Friday from 9 a.m. to 9 p.m. The deadline to enroll is April 30, 2024.

You can order a free credit report at www.annualcreditreport.com.

Capital Health-East Trenton, formerly known as St. Francis Medical Center (Brian McCarthy)

What happens next?

Capital Health officials say the investigation into the incident is ongoing with the aid of "a leading outside forensic security firm" to determine the nature and scope of the data breach and to "confirm the security of our computer systems and network."

"This process is time-intensive, but ultimately necessary to properly identify potentially affected individuals," the statement said.

Depending on what the investigation finds, impacted individuals may receive a follow-up letter from Capital Health with more detailed information and instructions.

Cyber attackers target NJ hospitals

The cyber-attack at Capital Health was one of a series of incidents occurring within a few weeks that targeted hospitals in New Jersey in 2023.

Capital Health logo (Dennis Symons), Pascack Valley Medical Center (Google Street View)

Pascack Valley Medical Center in Westwood and Mountainside Medical Center in Montclair were hit by an attack that crippled EpicCare, the electronic medical record platform and damaged other core clinical and business systems.

A cyberattack at CentraState Medical Center in Freehold Township revealed that personal data of 617,000 patients on an archived database was stolen during a breach in December 2022. An "unauthorized person" obtained a copy of an archived database that stored patient information. No financial or payment information was kept in that archive.

The source of the attacks was never revealed.

Warnings about more attacks

FBI Director Christopher Wray told a congressional committee on Wednesday that hackers linked to the Chinese government are moving to target critical U.S. infrastructure.

He said hackers are preparing to "wreak havoc" and cause "real-world harm" to Americans, as they have their sights set on water treatment plants, the electric grid and transportation hubs.

Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency Jen Easterly, left, FBI director Christopher Wray, center, and Harry Coker, director of the Office of the National Cyber Director, are sworn during a House Select Committee focusing on China on Capitol Hill, Wednesday, Jan. 31, 2024, in Washington. (AP Photo/Mariam Zuhaib)

They are also, Wray warned, targeting ordinary citizens.

Wray's testimony came as the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with malware targeting infrastructure.

The Associated Press contributed to this story.