Memorial Health System Confirms Data Breach
A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients.
Memorial Health System was hit with ransomware in the early hours of August 15 2021. The incident forced the health system to suspend user access to all information technology applications related to its operations.
The disruption caused surgical cases and radiology exams to be canceled and placed Memorial Health System emergency departments on diversion.
Speaking at the time of the incident, Memorial Health System president and CEO Scott Cantley said: “Staff at our hospitals – Marietta Memorial, Selby and Sistersville General Hospital – are working with paper charts while systems are restored, and data recovered.”
A press statement, released three days after news of the ransomware attack broke, gave the impression that Memorial Health System had opted to pay its attackers.
“We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” said Cantley in the August 18 statement.
He added: “We are following a deliberate, systematic approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care.”
An investigation into the security incident determined that attackers had broken into the health system’s network on July 10 2021, then waited a month to deploy ransomware.
In September last year, Memorial Health System discovered that the patients’ data might have been accessed and exfiltrated in the incident. A review of what files the threat actors could have accessed was carried out.
By December 9 2021, it had become clear that patients’ names, addresses, Social Security numbers, medical/treatment information and health insurance information may have been viewed and stolen.
Memorial Health System began notifying impacted patients via letter on January 12 2022. Individuals affected by the data breach have been offered a complimentary 12-month membership to Kroll’s credit monitoring service.
Jennifer Offenberger, associate vice president of service excellence at Memorial Health System, said: “While the extensive investigation with the FBI and cybersecurity teams indicates no reason to suspect there has been any fraudulent use or public release of patient information associated with this incident, we are notifying patients whose information may have been accessible during the breach.”
More Stories
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Read More
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI...
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine Read...
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 Read More
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging...
CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging...