Betty Jean Kerr People’s Health Centers, a St. Louis-area medical and social services provider, was victimized last September by a ransomware attack that continues to prevent access to data collected from patients, health care providers and employees.

The Associated Press reported on Friday that the breach affects roughly 152,000 people. The provider serves thousands of uninsured and medically underserved individuals in and around St. Louis.

The official company notification, People’s said the ransomware has locked up data from 2011 through Sept. 2, 2019, the data of the cyberattack. Impacted patient data includes names, birth dates, addresses, Social Security numbers, limited clinical data, pharmacy data, insurance information and dental x-rays. Employee and health care provider information includes names, addresses and Social Security numbers as well.

It’s possible this information could have been accessed and viewed by the attackers as well, People’s acknowledges.

The medical providers who were affected had provided their data to People’s as part of an effort to be credentialed by People’s.

People’s said that in response to the attack, it is offering a year of free credit monitoring to interested parties, and also sought the help of a forensic IT firm. The health center said that a “foreign actor” was behind the attack and that it was not planning to pay the ransom demand.