Ransomware group deploys ticking clock to threaten Georgia hospital
Memorial Hospital and Manor, a 187-bed facility in Georgia, suffered a ransomware attack earlier this month, announced by the organization via a Facebook post dated Nov. 3.
Now, the group responsible is threatening to leak the stolen data online—and they’ve deployed a ticking clock, counting down the days, hours, and seconds Memorial Hospital has to pay an undisclosed ransom.
The hacker group Embargo has taken credit for the attack, posting details about the data breach on its own dark web site. They claim to be in possession of 1.15TB of data taken from the hospital’s systems; however, no specifics on the trove’s contents are mentioned.
Instead, the group provides some background history on Memorial Hospital, including the date of its founding. Comparitech was able to grab a screenshot of the post—including the ticking clock.
Memorial Hospital has not confirmed any details, including when the incident took place, what group is responsible, and what the ransom demands entail. In fact, its post on Facebook is now hidden from public view. However, Comparitech quotes it as reading:
“ATTENTION!!! This is to inform you that Memorial Hospital and Manor is experiencing a ransomware incident. This impacts access to our Electronic Health Record system. While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation.
This attack was discovered early Saturday morning when employees were seeing notifications of potential risks found by our virus protection software.”
The attack likely took place before Nov. 1, based on the timing of the post. It is unclear to what extent the EHR outage disrupted operations at Memorial Hospital. Further, it is not clear how long the hackers had access to the hospital’s network or how long the data breach lasted.
As of Nov. 12, the incident does not appear on the U.S. Health and Human Services Office for Civil Rights' list of known healthcare data breaches.
For now, HealthExec has only the ticking clock from Embargo and a now-hidden Facebook post to go by.
HealthExec has reached out for more details on the incident and will update this story with any information we receive.