Grays Harbor Community Hospital notifies 85,000 patients of ransomware incident

• A phishing email sent to an employee resulted in the spread of ransomware infection.
• Out of the total 85,000 patients, 10,000 of them are being notified by the Harbor Medical Group.

Grays Harbor Community Hospital (GHCH) and Harbor Medical Group (HMG) are notifying its patients regarding a recent ransomware attack that impacted patient health information.

What happened?

On July 15, 2019, GHCH and HMG discovered a ransomware that encrypted the databases containing electronic medical records of their patients. The ransomware infection quickly spread through the company network and encrypted internal files on the network.

According to the report by The Daily World, the attackers demanded a ransom payment in bitcoin which would be equivalent to $1 million. At present, the investigation into the incident has not attributed the attack to any specific threat actors or groups.

How was it discovered?

On July 15, 2019, the ransomware infection caused certain company servers to become unresponsive. This spurred an investigation which lead to the discovery of the ransomware infection as the reason behind it. The company’s IT department tried to stop it from spreading further by shutting down other online servers.

What information was involved?

So far, the company claims it has not found any evidence of exposure or unauthorized access to any data. However, the ransomware encrypted various kinds of data including:

• Patients’ medical records
• Patients’ personal information
• Demographic information
• Insurance information
• Medical history
• Medical treatment
• Billing information

What was the response?

• The company brought in third-party cyber consultants to assist in the data recovery process for the data encrypted by the ransomware
• Besides, GHCH and HMG also launched an internal investigation into the incident and notified the FBI regarding the incident.
• The company decided not to pay the ransom based on FBI’s advice as the ransom payment does not guarantee restoration of all the locked information.
• To prevent such incidents in future, the company is working to enhance its security systems and train its employees.
• GHCH and HMG is also offering Experian Credit Monitoring services to the patients affected by the incident.

Any affected patients can contact GHCH and HMG at a dedicated call center for patients with questions at 1-833-762-0219, Monday – Friday from 7:30 am – 5:00 pm Pacific Time.