Georgia community hospital Wayne Memorial Hospital (WMH) is notifying over 160,000 individuals that their personal information was stolen in a May 2024 data breach.
The incident, the hospital notes in the notification letter to the impacted individuals, a copy of which was submitted to the Attorney General’s Offices in several states, was identified on June 3, 2024, and involved ransomware.
The hackers had access to the healthcare organization’s network between May 30 and June 3, 2024, encrypted data on hospital systems, and left a ransom note.
“Upon discovery of this event, WMH immediately disconnected access to its network and took certain systems offline while it worked to safely and securely restore its network from backups,” the hospital says.
During the attack, the hospital says, the hackers accessed information such as names, dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, user credentials, credit card numbers, health insurance information, diagnosis and treatment information, medical history, lab results, and prescription details.
WMH told the Maine AGO that 163,440 people were affected by the data breach. While the compromised information varies by individual, the hospital is providing those affected with 12 months of free credit monitoring and identity theft protection services.
The hospital says it engaged legal counsel and cybersecurity professionals to secure its network and investigate the attack. It also performed network-wide password resets, and implemented additional detection and response capabilities.
“WMH does not have any evidence that the unauthorized actor misused anyone’s personal information for identity theft or fraud in connection with this event,” the hospital said, noting that the hackers were attempting to extort WMH.
The healthcare organization did not name the threat actor responsible for the attack. In June 2024 the Monti ransomware group added Wayne Memorial Hospital to its Tor-based leak site, albeit noting it was the Honesdale, Pennsylvania-based hospital.
Active since at least 2022, Monti is known for exploiting software vulnerabilities for initial access. To date, Monti has claimed 16 confirmed attacks, Comparitech says. However, the ransomware group appears to have been inactive since May 2025.
Related: Plex Urges Password Resets Following Data Breach
Related: Threat Actor Connected to Play, RansomHub and DragonForce Ransomware Operations
Related: Tripwire for Real War? Cyber’s Fuzzy Rules of Engagement
Related: Mass Personal Data Theft From Paris Covid Tests: Hospitals
