Aberdeen, Wash.-based Grays Harbor Community Hospital is notifying around 85,000 patients of a June 15 ransomware attack on its systems that may have exposed patients' personal and medical information, Daily World reports.
Patients of Grays Harbor Community Hospital's subsidiary Grays Harbor Medical Group, which comprises eight clinics in the Abderdeen and Hoquiam, Wash.-based area, are also being notified of the breach. While the hospital did not find evidence of any information being accessed or shared by the hackers, officials are mailing letters this week to affected patients as "a matter of caution," according to the report.
The hackers likely gained access to the hospital's information systems through a phishing email attempt, which allowed the unauthorized party to infect the system with ransomware, Grays Harbor Community Hospital CEO Tom Jensen told Daily World. For the ransom, the hackers demanded the equivalent to $1 million in bitcoin, Mr. Jensen said.
The hospital's main system for managing patient information was not affected by the ransomware because it is older, however, the malware was effective at the medical clinics, which have resorted to using paper records for patients' health information. As of Aug. 13, the hospital has not regained access to the missing records, Mr. Jensen said.
Grays Harbor Community Hospital is in the process of a full forensic review, and the hospital is offering free credit monitoring to any individuals affected by the security breach. The hospital plans to implement upgrades to security, software, hardware and employee training.
"Hospitals nationwide are under attack from these faceless criminals," Mr. Jensen said in a statement, according to the report. "As with many other organizations, we thought we were well prepared, and we were still victimized. We are proud of the efforts of our providers and staff continuing the same level of excellent patient care during this setback."