In early November 2024, Memorial Hospital and Manor experienced a significant ransomware attack that compromised sensitive data of over 120,000 people. Despite the breach occurring on November 1, it was only discovered the following day and initially reported via a now-deleted Facebook post.

Delayed Notifications and Ongoing Concerns

Although the incident was reported to the Maine Attorney General on February 8, there has been no notification to the Department of Health and Human Services (HHS) as of yet. Memorial Hospital & Manor (MH-M) released a notice on February 10, describing the incident as a data security breach without explicitly mentioning ransomware.

Data Compromised

The breach potentially exposed personal details such as names, Social Security numbers, birth dates, health insurance information, and medical histories. MH-M confirmed that they informed the FBI but have remained silent on HHS notifications.

Embargo Ransomware Group's Involvement

The Embargo ransomware group claimed responsibility, alleging they obtained 1.15 TB of data, which they subsequently leaked online after MH-M failed to meet their ransom demands. Despite attempts to negotiate, the hospital's offer was declined by the attackers.

Data Leak Implications

Embargo's actions have led to the exposure of protected health information on the dark web, raising serious privacy concerns. This incident highlights the importance of timely communication with affected individuals and relevant authorities.

For more insights into ransomware threats and protection strategies, learn more about ransomware vulnerabilities in our comprehensive Research section.

The link has been copied!