"Memorial Health System Confirms Data Breach"

A cyberattack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients.  Memorial Health System was hit with ransomware in the early hours of August 15, 2021.  The incident forced the health system to suspend user access to all information technology applications related to its operations.  The disruption caused surgical cases and radiology exams to be canceled and placed Memorial Health System emergency departments on diversion.  After the attack three days later, in a press statement, Memorial Health System gave the impression that they opted to pay their attackers.  An investigation into the security incident determined that adversaries had broken into the health system’s network on July 10, 2021, then waited a month to deploy ransomware.  By December 9, 2021, the investigation determined that patients’ names, addresses, Social Security numbers, medical/treatment information, and health insurance information may have been viewed and stolen.  Memorial Health System began notifying impacted patients via letter on January 12, 2022.  

Infosecrity reports: "Memorial Health System Confirms Data Breach"