June 27, 2023
Atlantic General Hospital (AGH), located in Berlin, is now fully operational after being hit by a ransomware attack that disrupted its network and exposed sensitive information to malicious actors.
The hospital’s latest update on the security incident sent to the Office of the Maine Attorney General shows that 136,981 individuals had their patient data exposed, up from an initial count of 30,704 in the hospital’s March 24, 2023 data breach notification.
Table of Contents
Atlantic General Hospital Cyberattack: Uncovering the Scope of the Breach
The Atlantic General Hospital privacy breach was discovered on January 29, 2023, after the hospital discovered encrypted files on its computer systems. According to the data breach notification sent to the Office of the Maine Attorney General, the hospital employed third-party forensic specialists to help investigate the nature and scope of the suspicious activity. The investigation uncovered unauthorized access to specific AGH servers starting January 20, 2023.
After undertaking a comprehensive review of the files, AGH discovered that the ransomware attack exposed sensitive information, including names, Social Security numbers, financial account information, medical record numbers, treating/referring physicians, health insurance information, subscriber numbers, medical history information, or diagnosis/treatment information. However, AGH said there was no evidence of misuse of any information related to the incident.
In February, Ocean City Today reported that AGH implemented downtime procedures to provide emergency services, perform elective surgeries, and continue other outpatient services. Although most hospital services were unaffected, certain operations, such as RediScripts, outpatient walk-in lab, pulmonary function testing, and outpatient imaging, were temporarily suspended.
Atlantic General Hospital’s Ongoing Response and Recovery Efforts
AGH said in its February press release that it has been working closely with forensic investigators, cybersecurity consultants, and the Federal Bureau of Investigation (FBI) to assess the impact of the ransomware attack and restore network systems. Despite the attack, the hospital maintained essential services, including emergency care, primary care, specialty offices, and ancillary locations. The outpatient walk-in lab and imaging departments, initially affected by the attack, have been reopened and are fully operational.
Donald Owrey, president and CEO of AGH, addressed the breach in Atlantic General Hospital during a town hall meeting reported on The Dispatch. Owrey assured the audience that the cyber insurance in place would help the hospital weather the disruption caused by the attack. He emphasized that AGH had implemented extensive security measures before the incident and further fortified its defenses in response to the evolving cyber threat landscape.
Although the hackers demanded a ransom, AGH did not meet their demands. The attack was reportedly orchestrated by a group based in China, which has targeted multiple hospitals. Owrey explained in the same town hall meeting that the hackers’ organization was known to the FBI, which promptly identified their modus operandi.
“They’ve attacked a number of hospitals,” he said. “Their MO, how they work, is known to the FBI. We spoke to the FBI that Sunday morning (after the attack). They immediately knew who they were; they knew all about them. We learned subsequently, they have what’s called a call center. That’s how organized this outfit is. When I spoke to the leading expert nationally for cybersecurity in the healthcare industry, he gave me a 10-or-12-page writeup on this organization.”
The hospital is confident that the electronic medical records were not compromised as investigators carefully examined accessed folders and files for any potential breach of protected health information.
Coping With Cyber Threats: The Ransomware Epidemic
Ransomware attacks have become increasingly prevalent in recent years, and the healthcare industry has become a prime target. The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) has expressed concerns over the growing cyber threats the healthcare sector faces. These attacks typically involve hackers encrypting and locking the victim’s data, demanding a ransom payment for its release. The aim is to strike quickly, collect the ransom, and move on to the next target.
The Federal Cybersecurity & Infrastructure Security Agency (CISA) emphasizes that ransomware is an ever-evolving form of malware. Ransomware attackers focus on locking the system, threatening to sell or leak sensitive data. They then demand a ransom in exchange for decryption. As cybercriminals evolve their techniques, healthcare organizations must remain vigilant and strengthen their defenses against these threats.
The Growing Threat and the Path Forward
Cybersecurity awareness and preparedness are vital components of the healthcare industry’s response to the growing ransomware epidemic. The healthcare sector’s increasing reliance on digital systems and the rise in cyberattacks highlight the urgency of strengthening cybersecurity measures.
The Atlantic General Hospital ransomware attack should serve as a valuable lesson for other healthcare organizations. As ransomware attacks and data breaches remain prevalent, healthcare organizations must adapt and invest in security measures to maintain uninterrupted care and safeguard patient safety.