Hackers demand more than $1M in bitcoin from Washington hospital

Jackie Drees - Print  | 

Aberdeen, Wash.-based Grays Harbor Community Hospital is notifying around 85,000 patients of a June 15 ransomware attack on its systems that may have exposed patients' personal and medical information, Daily World reports.

Patients of Grays Harbor Community Hospital's subsidiary Grays Harbor Medical Group, which comprises eight clinics in the Abderdeen and Hoquiam, Wash.-based area, are also being notified of the breach. While the hospital did not find evidence of any information being accessed or shared by the hackers, officials are mailing letters this week to affected patients as "a matter of caution," according to the report.

The hackers likely gained access to the hospital's information systems through a phishing email attempt, which allowed the unauthorized party to infect the system with ransomware, Grays Harbor Community Hospital CEO Tom Jensen told Daily World. For the ransom, the hackers demanded the equivalent to $1 million in bitcoin, Mr. Jensen said.

The hospital's main system for managing patient information was not affected by the ransomware because it is older, however, the malware was effective at the medical clinics, which have resorted to using paper records for patients' health information. As of Aug. 13, the hospital has not regained access to the missing records, Mr. Jensen said.

Grays Harbor Community Hospital is in the process of a full forensic review, and the hospital is offering free credit monitoring to any individuals affected by the security breach. The hospital plans to implement upgrades to security, software, hardware and employee training.  

"Hospitals nationwide are under attack from these faceless criminals," Mr. Jensen said in a statement, according to the report. "As with many other organizations, we thought we were well prepared, and we were still victimized. We are proud of the efforts of our providers and staff continuing the same level of excellent patient care during this setback."

More articles on cybersecurity:
U of Maryland campuses to use AI to protect medical data, devices from cyberattacks
Dozens more patients sign onto MU Health Care data breach lawsuit
The CIO as a business enabler: Key thoughts from Faith Regional Health Services' Brian Sterud

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.