INDIANAPOLIS — After losing her entire sophomore season to the COVID pandemic and missing most of her junior season due to injury, Tori Candler has been healthy and hitting in 2022, especially as of late.

The Roncalli senior entered Wednesday's Sectional 11 championship game with home runs in two straight games. She finished the night with four homers over her past three games, with her second dinger of the night — a two-run blast in the bottom of the fifth — capping off a 10-0 run-rule win over New Palestine.

The defending Class 4A state champions are moving on.

Avon repeats as sectional champs:'We knew this should be ours again.'

IHSAA softball sectionals:Scores, schedule, updated pairings

"Honestly, I've kept the same approach ever at bat," said Candler, who spent both pre-game weather delays hanging out in the dugout, eating Oreos. "I scan the field, take a deep breath, stretch out my shoulders and walk in there looking to hit a line drive."

Candler has been dialed in at the plate. She took the second pitch she saw in the bottom of the second and drilled it out to left field, then took three pitches before walking it off three innings later.

Candler batted .714 with 11 RBIs and four home runs in sectionals (wins over Warren Central, Franklin Central and New Palestine).

"She'll complain, probably, that she's batting seventh and ask when she's going to move up in the lineup, but that ain't going to happen," coach David Lauck joked. "I'm just so happy for her… For a senior to come into the spotlight and have huge games in the sectional — that's really what it's all about."

Keagan Rothrock was excellent both in the circle and at the plate.

She limited the Dragons to just one hit and struck out 10 of the 16 batters she faced.

New Palestine scored five runs off the Florida-bound junior when the teams met at the end of April and was making contact against her again Wednesday night. But everything that was put in play — aside from Katie Hirschy's third-inning single — was swiftly cleaned up by the Roncalli defense, which has now gone error-free in 21 contests, according to MaxPreps.

"The last time we played them, I definitely was not on my A-game," Rothrock said. "There was a lot of stuff that wasn't working and a lot they hadn't seen the best of yet, so I just focused on the mechanics and how pitches move."

Rothrock made an immediate impact at the plate, too.

Abbey Hofmann worked back from an 0-2 count to draw a nine-pitch walk with two outs in the first. Two pitches later, Rothrock deposited Alexa Holman's 1-0 offering over the left-field wall.

"I had actually looked at our assistant coach, Rick, and I said, 'She's throwing it right where I like it and I feel a hit,'" Rothrock said. "Then I hit it."

"So much for the breaks I was thinking about. If we get the strike three call there (against Hofmann), we're out of the inning," New Palestine coach Ed Marcum lamented. "That kind of set the tone, it felt like, but they're really good. There's a reason they're No. 1 in the nation and undefeated."

Though ultimately undone by a trio of third-inning errors that resulted in five Roncalli runs, the Dragons maintained energy and confidence at the plate throughout the contest, cheering each other on and picking each other up between innings.

That high-energy and positivity was a staple of this year's group, Marcum said — as illustrated by the night's theme: fun hats.

"Tonight doesn't take away from how I feel about my team," he said. "These are outstanding young ladies and this year has been an absolute blast. They're just fun to be around and that's what I'm going to miss most about this group and the seniors. They're outstanding young ladies who are going to do great things in life."

New Palestine finishes the season 23-4-1. Roncalli will face Avon in regionals Tuesday night.

Follow IndyStar high school sports Insider Brian Haenchen on Twitter at @Brian_Haenchen.

Once reported, OCR posts healthcare data breach information on its breach portal, which is publicly available. Sometimes referred to as the HIPAA “wall of shame,” the portal provides information on the number of individuals impacted, the breach submission date, type of breach, and the location of the breached information.

The portal’s 2021 entries show the continuation of a troubling trend—as the pandemic continues to overwhelm providers and threat actors get savvier, healthcare data breaches are not slowing down. OCR named over 550 covered entities that have experienced a data breach in 2021, at the time of publication. Over 40 million individuals faced PHI exposure as a result of these breaches.

The 10 biggest reported healthcare data breaches of 2021 (by number of individuals affected) were all hacking/IT incidents, and all but one occurred on the organization’s network server. Ransomware continues to be a threat across the healthcare sector, and the trend is likely to continue in 2022.

Despite a growing number of cyber threats, many healthcare organizations have learned to adapt and prepare for cyberattacks and data breaches by implementing cyber incident response plans, conducting third-party risk assessments, and enacting technical safeguards.

Health plan Florida Healthy Kids Corporation started the year by reporting the biggest healthcare data breach of 2021 to date on January 29. The breach impacted 3.5 million individuals.

According to Health News Florida, the personal information of millions who applied for coverage or were enrolled in Florida KidCare between 2013 and 2020 was exposed after the health plan’s website was targeted in a cyberattack.

Florida KidCare is a nonprofit that includes Medicaid, MediKids, Florida Healthy Kids, and the Children’s Medical Services program.

Florida Healthy Kids Corporation said it was notified of the incident on December 9, 2020. Social Security numbers, birth dates, names, addresses, and financial information may have been accessed by threat actors during the cyberattack. Further investigation revealed that the health plan’s website, maintained by Jelly Bean Communications Design, had significant security vulnerabilities that were overlooked.

Florida-based 20/20 Eye Care Network reported a healthcare data breach to HHS on May 24. According to a notice from the Maine attorney general’s office, 20/20 discovered suspicious activity on its Amazon Web Services (AWS) environment on January 11, 2021.

20/20 notified the FBI immediately after it deactivated and reset access credentials. Some information was accessed and possibly deleted after a bad actor hacked into the provider’s AWS cloud storage environment to download and destroy data.

20/20 informed over 3.2 million individuals that their Social Security numbers, names, addresses, member identification numbers, birth dates, and health insurance information may have been exposed or deleted.

Forefront Dermatology, S.C., notified HHS on July 8 of a data breach that impacted over 2.4 million individuals, including patients and employees. The dermatology practice identified a network intrusion on June 4 and promptly took its network offline.

However, between May 38 and June 4, an unauthorized party had access to Forefront Dermatology’s IT network and accessed files containing names, birth dates, patient account numbers, addresses, dates of service, provider names, medical treatment information, and medical record numbers.

“While the investigation found evidence that only a small number of patients' information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients' information may have been subject to unauthorized access,” Forefront Dermatology stated in July.

“Patients whose information may have been involved in this incident are being notified by Forefront Dermatology and are advised to review the statements they receive from their health care providers and health insurance plan. If individuals see services they did not receive, they should contact the provider or health plan immediately. To help prevent something like this from happening again, Forefront Dermatology is enhancing its security protocols.”

NEC Networks, which does business under the name CaptureRx, faced a healthcare data breach in February that impacted over 1.6 million people and impacted more than 16 healthcare organizations. CaptureRx is an IT vendor that helps healthcare systems manage their 340B drug programs.

Further investigation and notices by other healthcare organizations brought the total number of patients impacted to approximately 2.4 million individuals.

Although initially reported to HHS on May 5, healthcare systems that were impacted by the business associate breach continued to announce their involvement throughout the summer of 2021. In July, MetroHealth System in Ohio announced that its patient files were accessed during the breach. In August, New York-based Catholic Health said that patient PHI was impacted as a result of the CaptureRx incident.

The breach impacted patient PHI across multiple healthcare organizations, exposing prescription data, names, and birth dates.

The breach also impacted Walmart, Jones Memorial Hospital, and Trinity Twin City Hospital, among others.

Indianapolis-based Eskenazi Health notified HHS of a data breach on October 1. The breach was discovered on August 4 and led to significant EHR downtime and ambulance diversions.

Initially, Eskenazi Health said it was unsure whether patient information was used maliciously. On October 1, the hospital announced that further investigation had revealed that bad actors stole and posted patient information on the dark web. Bad actors may have had access to the hospital’s network as early as May.

As of November, one patient was seeking class-action status in a lawsuit against Eskenazi Health, alleging the hospital’s ransomware attack resulted in fraudulent charges on her credit card along with wasted money and time.

The Kroger Co. reported a healthcare data breach to HHS on February 19. The grocery chain was one of over 100 victims of the Accellion data breach, which occurred in December 2020 and impacted a dozen healthcare organizations.

No more than 1 percent of Kroger Health and Money Services customers were impacted, along with some employees whose HR records were impacted. Accellion’s File Transfer Application (FTA) was compromised when bad actors from Clop ransomware exploited zero-day vulnerabilities.

“The incident was isolated to Accellion's services and did not affect the Kroger Family of Companies' IT systems or any grocery store systems or data. No credit or debit card information or customer account passwords were affected by this incident,” Kroger’s statement explained.

“After being informed of the incident's effect on January 23, 2021, Kroger discontinued the use of Accellion's services, reported the incident to federal law enforcement, and initiated its own forensic investigation to review the potential scope and impact of the incident.”

Beaumont Health announced in September that around 1,500 of its patients had also been impacted by the Accellion breach.

St. Joseph’s/Candler (SJ/C) Health System in Savannah, Georgia discovered a ransomware attack on June 17 that led to significant EHR downtime. Further investigation determined that the breach began on December 18, 2020. The hospital system’s computers and telecommunications systems were inaccessible, and clinicians had to document clinical notes on pen and paper.

SJ/C notified HHS and released an official press release on August 10. The release stated that “SJ/C cannot rule out the possibility that, as a result of this incident, files containing patient and co-worker information may have been subject to unauthorized access.”

As of September, patients had filed two class-action lawsuits against SJ/C, alleging that the Georgia health system was negligent in preventing the attack, which went undetected for six months.

“It wasn’t a simple software glitch or temporary power outage. It was, instead, a complete information technology (IT) meltdown,” one of the lawsuit filings stated.

“Everything, from electronic medical record[s] (EMR) used to document encounters to the lab, radiology and billing software, went down. Even the phones, which are formatted as voice over the internet protocol (VOIP) devices, stopped working. All of St. Joseph’s/Candler usual patient encounter protocols were immediately rendered ineffective. The hospital system was, in essence, flying blind.”

University Medical Center Southern Nevada fell victim to a REvil/Sodinokibi ransomware attack in June that compromised files containing the personal information of 1.3 million individuals. The hackers also posted photos of passports, Social Security cards, and driver’s licenses on the dark web for about a dozen individuals.

McAfee’s quarterly cyber threat report showed that REvil/Sodinokibi were responsible for 73 percent of ransomware detections in Q2 2021.

The Department of Justice (DOJ) announced in November that it charged two individuals in connection with REvil/Sodinokibi cyberattacks.

New York-based American Anesthesiology (owned by North American Partners in Anesthesia) client information was exposed when an unauthorized party gained access to the email system of the practice’s business associate, MEDNAX.

Bad actors orchestrated a phishing attack and successfully gained access to several email accounts for five days between June 17 and June 22 of 2021. The breach was submitted to HHS on January 8.

The hacker appeared to be primarily interested in payroll fraud, although their attempts were unsuccessful.

Patient contact information, health insurance information, treatment information, and billing information was impacted during the business associate breach.

In July, practice management vendor Professional Business Systems, doing business as Practicefirst, announced that a 2020 ransomware attack had potentially exposed the PHI of patients and employees.

A malicious hacker attempted to deploy ransomware and successfully copied files from Practicefirst’s system that contained birth dates, names, addresses, Social Security numbers, email addresses, tax identification numbers, diagnoses, lab results, medication information, and employee usernames and passwords. The information was later deleted.

“We immediately reported the Incident to appropriate law enforcement authorities and implemented measures to further improve the security of our systems and practices,” the vendor’s statement explained.

As 2021 comes to a close and holidays approach, bad actors are unlikely to stop targeting the healthcare sector with ransomware attacks and exploitation attempts.

Fitch Ratings - Chicago - 10 Nov 2021: Fitch Ratings has affirmed St. Joseph's/Candler Health System's (SJ/C) Issuer Default Rating at 'A'. Fitch as also affirmed the 'A' ratings assigned to revenue bonds issued by the Savannah Hospital Authority, GA and South Carolina Jobs-Economic Development Authority on behalf of SJ/C.

The Rating Outlook is revised to Positive from Stable.

The bonds are secured by an unrestricted receivables pledge of the obligated group (OG), which includes the parent corporation, St. Joseph's Hospital and Candler Hospital. The OG accounts for roughly 90% of system assets and revenues. Fitch's analysis is based on the consolidated system.

The affirmation of the 'A' rating reflects the maintenance of strong operating margins despite the coronavirus pandemic and other operating pressures, including a cyber-attack in June 2021. SJ/C had an operating EBITDA margin of 9.6% in fiscal 2021, which was above budget and demonstrated SJ/C's history of successfully managing through challenging events. SJ/C has continued to maintain its modest market share lead in a favorable service area. The Outlook revision to Positive considers Fitch's expectation that SJ/C's capital-related ratios will continue to improve over time, which has led to a financial profile consistent with a very strong assessment.

Revenue Defensibility: 'bbb'

Leader in Competitive, Favorable Service Area with Broad Market Reach

SJ/C's revenue defensibility is midrange with a modest market share lead in its broad primary service area (PSA) consisting of a multi-county region centered on Savannah, GA covering portions of Georgia and South Carolina. SJ/C has a good payor mix, with Medicaid and self-pay accounting for a low 13% of gross revenues in fiscal 2021. SJ/C is one of two hospital systems in Savannah, competing with Memorial Health (a member of for-profit HCA).

Both systems offer an array of high-acuity tertiary services covering the broad PSA and SJ/C continues to maintain a market share lead (approximately 52% in 2020). The PSA has favorable demographic characteristics and SJ/C continues to invest in service line expansions with an emphasis on growing the primary service provider base and expanding clinical access points.

Operating Risk: 'a'

Maintenance of Solid Operating Margins Despite Considerable Pressures

The system's operating EBITDA margin remained strong at 9.6% in fiscal 2021, despite facing considerable pressures from the coronavirus pandemic and other events. The maintenance of strong margins despite staffing and expense pressures, as well as the cyber security attack, illustrate SJ/C's operating resiliency. Volumes and revenues have rebounded from pandemic-lows and the system has identified cost management strategies. SJ/C also continues to expand its reach and ambulatory network that Fitch expects will lead to the maintenance of strong operating EBITDA margins in the 9% range going forward.

SJ/C has consistently reinvested in its plant as the capital spending ratio averaged more than 175% between fiscal years 2017 and 2021. Capital spending is considered to be manageably elevated as the system continues to expand its outpatient network.

Financial Profile: 'aa'

Strong Financial Profile with Liquidity Growth Expected

SJ/C's financial profile is strong, and with continued maintenance of operating results, the system should build liquidity and improve capital-related ratios over time. At FYE 2021, SJ/C had approximately $371 million in unrestricted cash and investments (adjusted to move $58 million in Medicare advance payments from unrestricted to restricted) and $287 million in outstanding debt, translating to a solid cash-to-adjusted debt of just under 130%. Fitch anticipates that solid cash flow generation and manageable capex will allow SJ/C to continue to grow liquidity in Fitch's forward-looking scenario analysis, including in a stress case.

There are no asymmetric risk factors associated with SJ/C's rating.

Factors that could, individually or collectively, lead to positive rating action/upgrade:

--Continued growth in unrestricted liquidity leading to maintenance of cash-to-adjusted debt above 120%, including in a forward-looking stress case, especially if bolstered by sustained operating EBITDA margins in the 9% range or better.

Factors that could, individually or collectively, lead to negative rating action/downgrade:

--Decline in operating metrics leading to a sustained operating EBITDA margin of 7% or lower;

--Material unexpected increase in debt or decline in unrestricted cash and investments leading to much weaker liquidity and capital-related ratios, particularly if cash-to-adjusted debt were expected to remain below 100% for the foreseeable future.

International scale credit ratings of Sovereigns, Public Finance and Infrastructure issuers have a best-case rating upgrade scenario (defined as the 99th percentile of rating transitions, measured in a positive direction) of three notches over a three-year rating horizon; and a worst-case rating downgrade scenario (defined as the 99th percentile of rating transitions, measured in a negative direction) of three notches over three years. The complete span of best- and worst-case scenario credit ratings for all rating categories ranges from 'AAA' to 'D'. Best- and worst-case scenario credit ratings are based on historical performance. For more information about the methodology used to determine sector-specific best- and worst-case scenario credit ratings, visit https://www.fitchratings.com/site/re/10111579.

SJ/C is a two-hospital system with 636 licensed beds in Savannah, GA, serving coastal Georgia and the low country of South Carolina. The system is a tertiary referral hospital network, with a broad market reach over multiple counties in the two states. To support this reach, SJ/C has a broad and growing network of ambulatory sites, including multiple primary care centers, multiple urgent care centers, several outpatient retail locations, and a micro-hospital that opened in Pooler, GA in March 2019. In all, SJ/C has more than 100 access points within a 125-mile radius of Savannah. Total audited operating revenue exceeded $775 million in fiscal 2021 (June 30 YE).

There are no asymmetric risk factors identified with SJ/C's rating.

SJ/C's management team has been in place for years, with no near-term retirements planned among key C-suite executives. The system has a succession planning process in place for key staff.

SJ/C does not have demand debt and all debt is fixed rate. Maximum annual debt service (MADS) is $20.0 million. Based on fiscal 2021 results, MADS coverage is 3.8x and does not pose an asymmetric risk. Financial covenants include minimum debt service coverage ratios of 1.10x (consultant call-in) and 1.00x (event of default for two consecutive years). SJ/C has sufficient headroom to the covenant.

SJ/C has one forward-starting fixed payor swap in place. The notional amount of the swap is approximately $46 million and the net termination was a negative $1.4 million to SJ/C at FYE 2021. Barclays is the counterparty. The swap becomes effective in July 2023 and terminates in July 2031.

In addition to the sources of information identified in Fitch's applicable criteria specified below, this action was informed by information from Lumesis.

The principal sources of information used in the analysis are described in the Applicable Criteria.

Unless otherwise disclosed in this section, the highest level of ESG credit relevance is a score of '3'. This means ESG issues are credit-neutral or have only a minimal credit impact on the entity, either due to their nature or the way in which they are being managed by the entity. For more information on Fitch's ESG Relevance Scores, visit www.fitchratings.com/esg.

The rated entity (and/or its agents) or, in the case of structured finance, one or more of the transaction parties participated in the rating process except that the following issuer(s), if any, did not participate in the rating process, or provide additional information, beyond the issuer’s available public disclosure.

Numbers in parentheses accompanying applicable model(s) contain hyperlinks to criteria providing description of model(s).

Copyright © 2021 by Fitch Ratings, Inc., Fitch Ratings Ltd. and its subsidiaries. 33 Whitehall Street, NY, NY 10004. Telephone: 1-800-753-4824, (212) 908-0500. Fax: (212) 480-4435. Reproduction or retransmission in whole or in part is prohibited except by permission. All rights reserved. In issuing and maintaining its ratings and in making other report

The ratings above were solicited and assigned or maintained by Fitch at the request of the rated entity/issuer or a related third party. Any exceptions follow below.

Fitch’s international credit ratings produced outside the EU or the UK, as the case may be, are endorsed for use by regulated entities within the EU or the UK, respectively, for regulatory purposes, pursuant to the terms of the EU CRA Regulation or the UK Credit Rating Agencies (Amendment etc.) (EU Exit) Regulations 2019, as the case may be. Fitch’s approach to endorsement in the EU and the UK can be found on Fitch’s Regulatory Affairs page on Fitch’s website. The endorsement status of international credit ratings is provided within the entity summary page for each rated entity and in the transaction detail pages for structured finance transactions on the Fitch website. These disclosures are updated on a daily basis.

Ocala Star-Banner

Area students excel in higher education

University graduate

Hetu Patel, Ocala, Bachelor of Science degree in Industrial Engineering with Highest Honors, Georgia Institute of Technology

President’s List

Gladys Lupu, Ocala, University of Alabama

Packed house:In less than a decade, 97% of land in Ocala/Marion County Commerce Park is sold

'It won't be developed':Jim Gissy will conserve newly purchased 1,300 acres in SW Marion

Retail vendors, restaurants, food trucks:New Ocala Mall will be housed in old Ocala Kmart

Dean’s List

Hunter Hughes, Ocala, Grove City College

Diego Lavieri-Sosa, Ocala, Mercer University

Dishon Ballard, Ocala, University of Alabama

Catherine Bedore, Ocala, University of Alabama

Kristin Stockton, Ocala, University of Alabama

Cassidy Bowlin, Candler, Missouri State University

Lauren Reimsnyder, Belleview, Bethel University

Spencer Kyle Truman, Ocala, Iowa State University

Honor Roll List

Carrie Combs, Ocala, Mercy College of Ohio

Dunnellon H.S. student wins AFJROTC scholarship

Joshua Lathrop, a cadet lieutenant colonel in Air Force Junior ROTC at Dunnellon High School, has received the J-100 AFJROTC Character-in-Leadership Scholarship to attend an accredited university of his choice, according to an email from Lt. Col. Dwayne Gray, JROTC instructor for Dunnellon High.

The scholarship identifies 100 stellar high school senior cadets for their character and leadership that is embodied in AFJROTC. It affords them the opportunity to compete for an invaluable commission as a United States Air Force or Space Force officer, the email said.

The scholarship includes four years of 100% paid tuition, in addition to university-owned/on-campus housing fees, a book stipend and the standard AFROTC cadet stipend of $300 to $500 a month.

The scholarship is valued at approximately $250,000.

Send items to calendar@starbanner.com

The Very Rev. Sam Candler, Dean of the Episcopal Cathedral of St. Philip in Atlanta, was awarded an honorary Doctor of Divinity degree by the University of the South last month for his “exemplary willingness to take on the hard soul work of Christian responsibility and carry on that work faithfully and lovingly,” particularly in his lifelong devotion to faithful parish ministry.

With a B.A. degree, cum laude, from Occidental College, and an M.Div. degree, magna cum laude, from Yale University Divinity School, Sam Candler loves the lively community and diversity of parish life. He has served as Dean of the Cathedral of St. Philip for the past 23 years, previously serving in parishes throughout Georgia and South Carolina. An amateur pianist, he had intended to become a jazz musician before he was called into the priesthood. Thus, he values the role of music in prayer, and has served on Liturgy and Music Committees in several dioceses. Besides his love of scripture and bible study, he also loves the outdoors; he continues to fish, hunt, hike, and observe the stars as much as possible. He speaks regularly on the role of religion in matters of science and environmental sustainability.

The Very Rev. James Turrell, who was installed as Dean of the School of Theology at Sewanee during the same service at All Saints’ Chapel in Sewanee, Tennessee, remarked that Candler is a “true son of the South” who has “labored devotedly under the burden of its peculiar history.” Turrell also said that throughout his career in a variety of parishes, Candler has had an “elegant, compelling, and accessible voice of . . . Good Faith and the Common Good.”

Candler thanked the Sewanee community at a gala dinner following the service: “I have given my ordained life in the Episcopal Church to parish ministry, over and over again; and, for me, Sewanee, and the University of the South, are the epitome of parish ministry. It is holy life. Faithful people, through thick and thin, learning and living with each other, in the presence of grace and in the presence of God, are what parish ministry is.”

Also recognized for their exemplary work in the Episcopal Church were Quintin E. Primo III, Board Chair of the Church Investment Group, and Thomas Murray, University Organist and Professor Emeritus at Yale School of Music and the Institute of Sacred Music.