An attack, which appears to have been carried out by a ransomware gang known as Hive, encrypted the computers of Memorial Health System, a US non-profit organization.
A major attack on Sunday morning affected some of the department’s infrastructure. It was detected after the system experienced a malfunction.
Memorial Health System consists of three hospitals (Marietta Memorial Hospital, Selby General Hospital, and Sistersville General Hospital), outpatient service offices, and clinics. The non-profit’s integrated health system employs more than 3,000 employees and is led by a volunteer board of community members.
The attack caused delays in the operation of various departments and procedures. A number of urgent surgical cases and radiology exams had been canceled. It also affected the organization’s financial operations.
Scott Cantley, the president and CEO of Memorial Health System, said that the organization’s investigation into the incident was still ongoing. He assured that patient or employee data had not been compromised.
Ransomware gangs usually steal data before carrying out the encryption routine. By exfiltrating sensitive information prior to encryption, attackers later can compel victims to pay a ransom in exchange for the promise of not sharing or leaking the stolen data.
BleepingComputer reported they have seen databases stolen from Memorial Health System with data from around 200,000 patients. The databases contained sensitive details such as social security numbers and dates of birth.
Hive, who is reportedly behind the hack, launched in late June. It has quickly claimed multiple victims since then. Like most ransomware gangs, they have a leak site, called HiveLeaks, which enables the threat actor to anonymously publish data stolen from victims.
Most of the businesses on the leak site are small to medium-sized, many of which have around 100 employees. The biggest non-paying victims are Altus Group, a provider of software and data services for the real estate industry.