MedCare Health Systems, a regional hospital network operating 12 facilities, has disclosed a ransomware attack that disrupted clinical operations and may have exposed protected health information (PHI) of 2.3 million patients.
Incident Overview
The attack began on January 3 when an employee clicked a phishing link that deployed a loader, which subsequently downloaded ransomware. Within hours, critical systems across the network were encrypted.
Impact on Operations
- Emergency departments diverted patients for 48 hours
- Electronic health records were unavailable for 5 days
- Surgical procedures were postponed
- Staff reverted to paper-based documentation
Data Exposure
Forensic analysis is ongoing, but the attackers may have accessed:
- Patient names, dates of birth, and Social Security numbers
- Medical records and diagnoses
- Insurance information
- Billing records
The incident has been reported to HHS Office for Civil Rights as required under HIPAA breach notification rules.