Dover, Del.-based Bayhealth identified unusual computer system activity July 31 and took action to contain the issue, according to an Aug. 3 post on Bayhealth's Facebook account.
"We promptly took proactive measures to contain the activity and implemented our incident response process – a cybersecurity firm was also engaged to assist," the post reads. "Further, out of an abundance of caution, we disabled all external connections to our network."
The health system kept its Epic EHR operational, but reported temporary connection issues with MyChart, which was restored Aug. 4.
"Bayhealth recently identified unusual activity on our network. Upon discovery, we took proactive measures to mitigate potential risks, including disconnecting from specific external systems," said Terry M. Murphy, FACHE, president and CEO of Bayhealth in a statement to Becker's. "This action led to temporary interruptions in access to a limited number of systems. We have launched an investigation with a third-party forensic firm to determine the incident’s nature and scope. While that investigation is ongoing, we have reestablished external connections and are now operating at normal capacity. On August 7, we were made aware that a third party claimed to have taken and posted Bayhealth data. We will continue to keep stakeholders informed pursuant to relevant law as the situation develops."
HackManac, an organization that maintains a repository of verified information about cyberattacks, reported on X and LinkedIn that Rhysida ransomware group claimed responsibility for the attack against Bayhealth and demanded 25 bitcoin, or around $1.4 million, ransom paid by Aug. 14. The firm reported information including Social Security Numbers, passports and other documents.