Ransomware attack hits Grays Harbor Community Hospital

ABERDEEN, Wash. -- Grays Harbor Community Hospital (GHCH) and Harbor Medical Group (HMG) are reporting a ransomware attack that involved patient health information.

According to a release from the hospital, the ransomware attack was discovered June 15. Databases containing electronic medical records for 85,000 patients were encrypted by a sophisticated software program (ransomware) designed to block access to a computer system until a sum of money is paid.

GHCH and HMG have notified the FBI of the incident. At no time was patient care compromised.

Both health care providers used established backup procedures and have been able to recover much of the patient health care information; however, certain parts of the electronic medical record remain encrypted and inaccessible by GHCH and HMG.

"GHCH and HMG have no reasonable basis to believe that any personal information has been transmitted outside of GHCH’s or HMG’s databases," they said in a prepared statement.

The health information that was impacted by the ransomware may have included a patient’s full name, date of birth, social security number, phone number, home address, insurance, and medical record information, including diagnosis and treatment. GHCH and HMG have recovered much of the information that was encrypted, but not all of it.

Ransomware incidents of this nature are different from other data security incidents in that the data remains within the database. While GHCH and HMG do not believe that any of this personal information was transmitted outside of GHCH’s or HMG’s databases, out of an abundance of caution, GHCH and HMG are notifying patients via letter and have arranged for those affected to enroll in a credit monitoring service through Experian.

This service is available to those affected at no cost. There's also a dedicated call center for patients with questions at 1-833-762-0219, Monday – Friday from 7:30 am – 5 p.m. Pacific time.

"GHCH and HMG take very seriously the responsibility to protect our patients’ personal information and deeply regrets any concern or inconvenience this incident may cause patients," the two providers said in a statement.