Read Time:1 Minute, 55 Second

Memorial Health System Confirms Data Breach

A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients.

Memorial Health System was hit with ransomware in the early hours of August 15 2021. The incident forced the health system to suspend user access to all information technology applications related to its operations.

The disruption caused surgical cases and radiology exams to be canceled and placed Memorial Health System emergency departments on diversion.

Speaking at the time of the incident, Memorial Health System president and CEO Scott Cantley said: “Staff at our hospitals – Marietta Memorial, Selby and Sistersville General Hospital – are working with paper charts while systems are restored, and data recovered.”

A press statement, released three days after news of the ransomware attack broke, gave the impression that Memorial Health System had opted to pay its attackers.

“We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” said Cantley in the August 18 statement.

He added: “We are following a deliberate, systematic approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care.”

An investigation into the security incident determined that attackers had broken into the health system’s network on July 10 2021, then waited a month to deploy ransomware.

In September last year, Memorial Health System discovered that the patients’ data might have been accessed and exfiltrated in the incident. A review of what files the threat actors could have accessed was carried out.

By December 9 2021, it had become clear that patients’ names, addresses, Social Security numbers, medical/treatment information and health insurance information may have been viewed and stolen.

Memorial Health System began notifying impacted patients via letter on January 12 2022. Individuals affected by the data breach have been offered a complimentary 12-month membership to Kroll’s credit monitoring service.

Jennifer Offenberger, associate vice president of service excellence at Memorial Health System, said: “While the extensive investigation with the FBI and cybersecurity teams indicates no reason to suspect there has been any fraudulent use or public release of patient information associated with this incident, we are notifying patients whose information may have been accessible during the breach.”

Cyber Security News

China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

SharePoint Phishing Scam Targets 1600 Across US, Europe

Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

Security at the core of Intel’s new vPro platform

New Post-Exploitation Attack Method Found Affecting Okta Passwords

Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts

Critical flaw in AI testing framework MLflow can lead to server and data compromise

New vulnerabilities found in industrial control systems of major vendors

Mass Ransomware Attack

Memorial Health System Confirms Data Breach

Memorial Health System Confirms Data Breach

China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

SharePoint Phishing Scam Targets 1600 Across US, Europe

Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

Security at the core of Intel’s new vPro platform

New Post-Exploitation Attack Method Found Affecting Okta Passwords

Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts