Indiana-based Eskenazi Health says it’s not yet determined if patients need to be notified individually. Hackers stole some data and posted it on the dark web after a recent ransomware attack. Ransomware group Vice Society lists an Eskezazi Health data dump on its darknet site. State and federal breach notification laws can force healthcare organizations to assume the worst case scenario in their assessment of the scope and breadth of data that was compromised. Some U.S. regulators are expressing impatience with healthcare notification to affected individuals and enforcement agencies following ransomware incidents.”]
Source: https://www.cuinfosecurity.com/after-ransomware-attack-when-must-patients-be-notified-a-17387