Georgia’s Wayne Memorial Hospital Reports Data Breach Affecting Over 160,000 People

Wayne Memorial Hospital, a healthcare provider based in Georgia, reported that a data security breach last year exposed the sensitive personal information of over 160,000 people.

 

Based in Jesup, Georgia, Wayne Memorial Hospital is a certified primary stroke center, and a Level IV Trauma Center.

 

In a data security incident notice filed with the Office of Maine Attorney General, WMH

said that on June 3, 2024, it was a victim of a ransomware attack during which threat actors infiltrated its internal network, stole confidential data, and encrypted critical systems. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“Upon discovery of this event, WMH immediately disconnected access to its network and took certain systems offline while it worked to safely and securely restore its network from backups. WMH also engaged legal counsel and cybersecurity professionals to help secure WMH’s network and conduct a forensic investigation.

 

“WMH’s forensic investigation found evidence that the unauthorised actor had access to a limited number of WMH systems between May 30, 2024 and June 3, 2024,” WMH said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license numbers, state identification numbers, user identification and passwords, financial account numbers, credit or debit card numbers, credit card expiration dates or CVV codes, Medicare or Medicaid numbers, health insurance member numbers, healthcare provider numbers, diagnoses, medical history, treatment information, prescription information, and lab test results or images.

 

The filing with the Maine state regulator also states that the WMH has identified at least 163,440 individuals impacted by the incident.

 

While WMH found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.