News Brief

In Bainbridge, Georgia, a small hospital, Memorial Hospital and Manor, has informed 120,000 individuals that their personal information was stolen in a ransomware attack.

The ransomware attack was first disclosed in November, but at that time, it stated that although its systems were down, staff would have to revert to pen and paper to record patient information, and its operations remained uninterrupted.

Memorial Hospital and Manor retained cybersecurity experts and launched a forensic investigation to determine the scope of the breach and what was compromised. However, it has yet to provide information on what kind of ransomware infected its systems, as the Embargo ransomware group claimed responsibility for the attack, alleging that it stole 1.15 terabytes of data from the hospital’s systems — information that is now available for public viewing on its Tor leak site.

In a filing with the Maine Attorney General’s Office, Memorial stated that notification letters were mailed out to affected Maine residents on February 7, offering a year of complimentary identity protection services, credit monitoring, a $1 million identity fraud loss reimbursement policy, and identity theft recovery services through IDX.

The personal information that may have been impacted, according to Memorial, includes names, Social Security numbers, dates of birth, health insurance information, medical treatment, and medical history.

“Please note that Memorial has no current evidence to suggest misuse or attempted misuse of personal information involved,” Memorial wrote, although now that this information is publicly available, it may not be long before threat actors exploit it to their advantage.