Millinocket Regional Hospital in Maine was targeted by a cyberattack, with unauthorized access detected on or around July 21, 2024. The RansomHub cybercriminal gang claimed responsibility, posting the breach on its dark web data leak site on July 25. The hospital confirmed that the hackers accessed portions of its network containing sensitive patient data, including names, addresses, Social Security numbers, health insurance details, and treatment information. The stolen data, amounting to 1.8 GB, suggests that the hospital did not pay the ransom demand.
Following the breach, Millinocket Regional Hospital initiated a forensic investigation to determine the scope of the attack and the individuals affected. It remains unclear how many people were impacted, but the hospital took immediate measures to notify those potentially involved. To support victims, it has provided complimentary credit monitoring and identity theft protection services. This move underscores the hospital’s acknowledgment of the potential risks posed to patient information.
The cybercriminal group’s post about the breach was later removed from their leak site, leaving questions about the group’s intentions or the hospital’s response to the incident. Millinocket Regional Hospital has not publicly disclosed details about negotiations with the attackers or the specifics of the breach resolution. Additionally, no breach notification has been reported to the Department of Health and Human Services, highlighting gaps in the transparency of the incident.
In response to the attack, the hospital reviewed and enhanced its data security policies and procedures to prevent future breaches. While these steps aim to bolster the hospital’s cybersecurity defenses, the incident underscores the vulnerabilities of healthcare institutions to ransomware attacks. It serves as a reminder of the importance of robust cybersecurity measures in protecting sensitive patient information in an increasingly digital healthcare environment.
Reference:
