14 DAY TRIAL // The system processing card payments for the gift shop at Saint Francis hospital in Tulsa, Oklahoma, was compromised for a brief period, capturing financial data of the customers.
The store provides a variety of gifts visitors can buy for patients, from balloons to flowers and different plants. Any profit from the sales is collected by the hospital.
Compromise lasted for about two weeks
The breach was discovered on March 20, but results from the investigation showed that the compromise occurred earlier in the month, on March 5, and lasted for about two weeks, until March 17.
At the moment, there is no information about the number of individuals impacted by the incident, but anyone making a purchase at the gift shop during the aforementioned time interval is advised to review bank account statements for irregular transactions.
According to the official statement from the hospital, an attacker managed to plant malware on the point-of-sale (PoS) device at the shop and searched for payment card information routed through the terminal.
Risk of fraudulent online purchases
The card details exposed include the name of the cardholder, card number, expiration date and the security code. Although this data is not sufficient to clone a victim’s card and perform unauthorized withdrawals, it can be used to make fraudulent online purchases. Products bought this way are later sold for a fraction of the original price.
Most of the banks do not hold the owner of the card responsible for such unauthorized transactions and will cover the financial loss, if the illegal activity is reported.
Saint Francis hospital is now working with credit card companies and processors to provide the full list of cards that were used at the gift shop during the compromise interval. This measure will help the card issuing institutions to deploy the necessary measures to protect the customers.
Anyone looking for more information about this incident can call Saint Francis.