120K Victims Compromised in Memorial Hospital Ransomware Attack

In Bainbridge, Ga., the small Memorial Hospital and Manor is notifying 120,000 individuals that their personal information was stolen in a ransomware attack.

The ransomware attack was first disclosed in November, but at the time, it said that though its systems were down, and staff would have to revert to pen and paper to record patient information, its operations remained uninterrupted. 

Memorial retained cybersecurity experts and launched a forensic investigation to determine the scope of the breach and what was compromised. Though it still hasn't provided information on what kind of ransomware infected its systems, the Embargo ransomware group claimed responsibility for the attack, alleging that it stole 1.15 terabytes of data from the hospital's systems — information that is now available for public viewing on its Tor leak site.

In a filing with the Maine Attorney General's Office, Memorial wrote that notification letters were mailed out to affected Maine residents on Feb. 7, offering a year of complimentary identity protection services, credit monitoring, a $1 million identity fraud loss reimbursement policy, and identity theft recovery services through IDX. 

Some of the personal information Memorial notes in its letter that may have been impacted include names, Social Security numbers, dates of birth, health insurance information, medical treatment, and medical history. 

"Please note that Memorial has no current evidence to suggest misuse or attempted misuse of personal information involved," Memorial wrote, though now that this information is readily available on a public site, it may not be long before threat actors use it to their advantage.