On June 9, 2023, reports began to surface about a possible data breach at Columbus Regional Healthcare System (“CRHS”). Evidently, the Daixin ransomware gang confirmed that it orchestrated a ransomware attack against CRHS and, after the North Carolina-based healthcare system failed to meet the hackers’ demands, plans to leak an untold amount of confidential patient data. CRHS has not yet provided notice of the incident to patients. However, if CRHS confirms that patient data was leaked as a result of the ransomware attack, CRHS will begin sending out data breach notification letters to all individuals.

If you received a data breach notification from Columbus Regional Healthcare System, it is essential you understand what is at risk and what you can do about it. While CRHS has not yet publicly acknowledged the ransomware attack or subsequent data breach, it is never too soon for patients to take steps to protect themselves. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Columbus Regional Healthcare System data breach, please see our recent piece on the topic here.

What We Know So Far About a Possible Columbus Regional Healthcare System Breach

News of the Columbus Regional Healthcare System data breach is still fresh; however, what we know at this point comes from a report by databreaches.net. According to this source, the Daixin ransomware group claims to have encrypted the CRHS network on May 18, 2023, after exfiltrating data and deleting backups stored on the system.

A spokesperson for Daixin claims that, initially, CRHS was interested in negotiating the ransom demand. However, after CRHS explained that it was unable to come up with the $2 million demanded by the hackers, negotiations broke down. Despite this, Daixin reached back out to CRHS, indicating that the group would accept a reduced ransom of $1 to delete the data; however, according to the Daixin spokesperson, CRHS never responded.

As a result, Daixin plans on leaking more than 250,000 files within the next day or so. Daixin shared some of the compromised data with databreaches.net, which noted that there were 256,000 files containing tax forms, employee records, and billing and accounting records.

Importantly, Columbus Regional Healthcare System has not yet publicly confirmed the attack. However, assuming the hackers’ claims are true, CRHS will eventually need to investigate the incident to determine what information was leaked and who it belonged to. At the conclusion of the CRHS investigation, the company will send out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Columbus Regional Healthcare System

Founded in 1935, Columbus Regional Healthcare System is a healthcare system located in Whiteville, North Carolina. CRHS operates ten facilities in Leland and Whiteville, including a 154-bed hospital, a urology clinic, an OB/GYN practice, an orthopedics practice, and several imaging centers. Columbus Regional Healthcare System employs more than 815 people and generates approximately $77 million in annual revenue.