Details released on Grays Harbor Community Hospital hack

Originally posted 8-14-19

Grays Harbor Community Hospital Provides Notice of Recent Ransomware Attack

Grays Harbor Community Hospital (GHCH) and Harbor Medical Group (HMG)  patients are being notified that the recent ransomware attack on the public hospital district involved patient health information.

In the first official release from the hospital regarding the ransomware event that occurred on June 15, GHCH and HMG tell KXRO that when the attack occurred they discovered that databases containing electronic medical records were encrypted by the ransomware designed to block access to the system.

The people behind the software attempted to get paid in order to regain access.

GHCH and HMG say that when they identified the issue, an investigation was started that involved forensics and network consultants, as well as the FBI.

That investigation is ongoing.

While patients are being notified of the attack, the hospital states that;

“At no time was patient care compromised and throughout the incident GHCH and HMG continue to care for patients.”

The statement from the hospital group states that the network has been safeguarded following the attack and backup procedures have been able to recover much of the patient health care information, although certain parts of the electronic medical record remain encrypted and inaccessible. 

“GHCH and HMG have no reasonable basis to believe that any personal information has been transmitted outside of GHCH’s or HMG’s databases.”

Health information impacted by the ransomware may have included a patient’s full name, date of birth, social security number, phone number, home address, insurance, and medical record information, including diagnosis and treatment. 

GHCH and HMG say that they have recovered much of the information that was encrypted but have been unable to recover fully all of the health information.

“GHCH and HMG will continue to work diligently with security experts to recover the affected databases and re-establish access to the entire electronic medical record, however, this may not be possible.

Ransomware incidents of this nature are different from other data security incidents in that the data remains within the database. While GHCH and HMG do not believe that any of this personal information was transmitted outside of GHCH’s or HMG’s databases, out of an abundance of caution, GHCH and HMG are notifying patients via letter. GHCH and HMG have arranged for those affected to enroll in a credit monitoring service through Experian. This service is available to those affected at no cost.

GHCH and HMG will continue to take steps to mitigate this incident and to prevent this type of incident from happening again, including implementing more robust security and backup procedures. We also are providing training for staff members to ensure they understand how to avoid malware. “

GHCH and HMG have established a dedicated call center for patients with questions at 1-833- 762-0219, Monday – Friday from 7:30 am – 5:00 pm Pacific Time. 

 GHCH and HMG take very seriously the responsibility to protect our patients’ personal information and deeply regrets any concern or inconvenience this incident may cause patients.