Ransomware affects data of 85,000 patients from Grays Harbor

Data of more than 85,000 patients may have been compromised by a ransomware attack affecting Grays Harbor Community Hospital and its Harbor Medical Group practice.

On June 15, hospital personnel discovered that databases containing health records were encrypted by software to block access to a computer system until a ransom payment was made. The attack was sophisticated—the 107-bed hospital had encrypted its data, but the attacker placed additional coding on top of the hospital’s encryption.

Grays Harbor Community Hospital-CROP.png

After safeguarding the network, personnel with help from forensics professionals were able to recover much of the data, but certain parts of the electronic medical record remain encrypted and inaccessible.

The organization, which operates in the Aberdeen region of Washington state, says it has no basis to believe that any personal information has been transmitted outside its databases, and clinicians and staff continued to care for patients.

Most of the health information contained on its systems was at risk, including Social Security numbers and other sensitive data, and the hospital has been unable to fully recover all of the data that was encrypted.

“We will continue to work diligently with security experts to recover the affected databases and re-establish access to the entire electronic medical record, however, this may not be possible,” the organization acknowledged to patients.

Affected individuals will receive one year of credit monitoring services from Experian. Grays Harbor Community Hospital is working with cyber experts to upgrade the network’s virus protection programs, the network’s real-time monitoring systems and the network’s operating system.

“We also have reinforced education and training for our staff members on how to avoid email phishing schemes and take proper precautions for cyber security,” the organization told patients.

Additional information was not immediately available.

For reprint and licensing requests for this article, click here.