Sanford patient data leak

Published: Sep. 25, 2023 at 8:24 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

BISMARCK, N.D. (KFYR) - A data leak involving Sanford Medical has impacted more than 21,000 patients whose personal information may be compromised.

Hospital administrators say the breach happened on DMS Health Technologies’ end, the vendor they use for their mobile heart screen trucks.

Kim Burch said when DMS Health Technologies informed her son by letter nearly two weeks ago, she initially thought it was a scam.

“You had to really read it to get the gist of it, and then it goes on to say, ‘He’ll be signed up for credit protection,’ but how are you going to sign him up? He’s 13, he can’t be signed up for credit protection. So it was extremely misleading for a child,” said Burch.

Burch said she decided her son would most likely be fine since it’s been a while since he last visited Sanford, and previous visits have been for routine checkups. However, when Your News Leader told her about DMS’ involvement, she said she didn’t recall it being obvious that DMS had been involved. She said it’s possible she could have missed it.

“I hope that Sanford would not point the finger at somebody else. They obviously contracted or signed with Sanford, so why would they blame somebody else? If I go to Sanford, and my son has an x-ray, that’s Sanford, and it’s Sanford’s responsibility to maintain the confidentiality of my son. I don’t care who they contracted on the other side, it’s Sanford’s responsibility to protect his information,” Burch said.

Sanford hasn’t confirmed if any of its patients’ information has been leaked, but some North Dakotans say they’ve received fraud alerts from their credit card companies since the breach.

Security Advisor Geoff Wiitala from Starlight IT and Security says data breaches like this are often about money.

“You’ve got to remember, for a lot of these threat actors, it’s all about money,” Wiitala said.

He said it’s becoming more common for scammers to target hospitals and conduct ransomware attacks because of the vast amounts of patient data. If the hospital or vendor doesn’t go along with their demands, Wiitala said the hackers are usually good at following through on their word to release patients’ information on the dark web.

So far, we don’t know who was behind the attack or what exactly they did with the stolen information.

Sanford said anyone who’s unsure if their data has been compromised can contact DMS at 866-373-7164 to check if they were among those affected.

We contacted DMS and DMS’ law firm for comment, but they either didn’t immediately respond or declined to answer.

We also asked Sanford for a statement, but they declined.

Previous coverage: Personal information of thousands of Sanford Health patients potentially compromised