Memorial Health System Confirms Data Breach
A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients.
Memorial Health System was hit with ransomware in the early hours of August 15 2021. The incident forced the health system to suspend user access to all information technology applications related to its operations.
The disruption caused surgical cases and radiology exams to be canceled and placed Memorial Health System emergency departments on diversion.
Speaking at the time of the incident, Memorial Health System president and CEO Scott Cantley said: “Staff at our hospitals – Marietta Memorial, Selby and Sistersville General Hospital – are working with paper charts while systems are restored, and data recovered.”
A press statement, released three days after news of the ransomware attack broke, gave the impression that Memorial Health System had opted to pay its attackers.
“We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” said Cantley in the August 18 statement.
He added: “We are following a deliberate, systematic approach to bring systems back online securely and in a manner that prioritizes our ability to provide patient care.”
An investigation into the security incident determined that attackers had broken into the health system’s network on July 10 2021, then waited a month to deploy ransomware.
In September last year, Memorial Health System discovered that the patients’ data might have been accessed and exfiltrated in the incident. A review of what files the threat actors could have accessed was carried out.
By December 9 2021, it had become clear that patients’ names, addresses, Social Security numbers, medical/treatment information and health insurance information may have been viewed and stolen.
Memorial Health System began notifying impacted patients via letter on January 12 2022. Individuals affected by the data breach have been offered a complimentary 12-month membership to Kroll’s credit monitoring service.
Jennifer Offenberger, associate vice president of service excellence at Memorial Health System, said: “While the extensive investigation with the FBI and cybersecurity teams indicates no reason to suspect there has been any fraudulent use or public release of patient information associated with this incident, we are notifying patients whose information may have been accessible during the breach.”
More Stories
China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers
The deployment of custom credential theft malware is the main novelty of the new campaign Read More
SharePoint Phishing Scam Targets 1600 Across US, Europe
Cyber-criminals used the scam to steal the credentials for various email accounts Read More
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over...
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection...
New Post-Exploitation Attack Method Found Affecting Okta Passwords
The flaw derives from the way the Okta system records failed login attempts to instances Read More
Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts
The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into...