Memorial Hospital and Manor is notifying 120,000 individuals that their personal information was stolen in a November 2024 ransomware attack.
The small rural hospital in Bainbridge, Georgia, disclosed the ransomware attack in early November, announcing that its systems were down and that staff had to revert to pen and paper to record patient information.
The hospital said its operations were not interrupted by the attack, but warned patients that the paper-based process would lead to longer wait times.
Memorial did not share information on the ransomware used in the attack, but the Embargo ransomware group claimed responsibility for the incident shortly after public disclosure.
The gang allegedly stole 1.15 terabytes of data from the hospital’s systems, and has since made the information publicly available on its Tor-based leak site.
Last week, Memorial notified the Maine Attorney General’s Office that the attackers stole the personal information and personal health information of 120,085 during the attack.
The compromised data includes names, dates of birth, Social Security numbers, medical history and treatment information, and health insurance information.
Memorial told the Maine AGO that it is sending written notification letters to the impacted individuals, and is providing them with 12 months of free identity protection and credit monitoring services.
“Please note that Memorial has no current evidence to suggest misuse or attempted misuse of personal information involved,” Memorial said.
However, since the stolen data is publicly available for download, cybercriminals may attempt to use it to target the impacted people in phishing and other types of attacks.
Related: Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System
Related: 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
Related: Ransomware Payments Dropped to $813 Million in 2024
Related: Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
