Southern Ohio Health Systems experienced a data breach in January 2021, when a ransomware attack targeted the law firm Bricker & Eckler. The incident led to the potential exposure of personal, medical, and financial information of individuals. The breach affected clients of TriHealth, Inc. and Adena Health System, who had entrusted their sensitive data to the law firm. The situation resulted in a lawsuit and a preliminary approval of a $1.95 million settlement in the Southern Ohio Health Systems Data Breach Litigation.

How many accounts were compromised?

The breach impacted data related to approximately 420,000 individuals.

What data was leaked?

The data exposed in the breach included personal, medical, and financial information of the affected individuals.

How was Southern Ohio Health Systems hacked?

Hackers executed a ransomware attack on the law firm Bricker & Eckler, gaining unauthorized access to their internal systems and obtaining sensitive personal and medical data belonging to TriHealth, Inc. and Adena Health System clients. The exact methods used by the hackers remain unclear, but the data was eventually retrieved and deleted by Bricker & Eckler, who believe it was not further copied or retained by the unauthorized party.

Southern Ohio Health Systems's solution

In response to the hacking incident, Southern Ohio Health Systems took several measures to address the situation. Although specific security enhancements remain unclear, Bricker & Eckler, the targeted law firm, immediately contained the incident and launched an investigation with the help of third-party cybersecurity forensic experts. They also notified federal law enforcement and were able to retrieve and delete the compromised data. While the exact steps taken to prevent future incidents are not detailed, it is evident that Southern Ohio Health Systems and the involved parties took the breach seriously and acted promptly to mitigate its impact.

How do I know if I was affected?

Southern Ohio Health Systems has not explicitly mentioned reaching out to affected users. However, if you believe you may have been affected by the breach and have not received any notification, you can visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

1. Change Your Passwords: Immediately update your passwords for any accounts that may have been affected. Make sure the new passwords are strong and unique, not previously used on any other platform.

2. Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

3. Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

4. Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective service providers.

For more specific help and instructions related to Southern Ohio Health Systems's data breach, please contact Southern Ohio Medical Center's support directly.

Where can I go to learn more?

If you want to find more information on the Southern Ohio Health Systems data breach, check out the following news articles:

• Home Page - Southern Ohio Health Systems Data Breach

• Court Preliminarily Approves $1.95 million Settlement in In RE: Southern Ohio Health Systems Data Breach Litigation

• Documents - Southern Ohio Health Systems Data Breach