Georgia hospital unable to access record system after ransomware attack

A ransomware attack on a prominent hospital in southwest Georgia knocked out access to the electronic health record system. 

Memorial Hospital and Manor in the town of Bainbridge posted an urgent message on Sunday warning patients that the hospital’s IT team had discovered a ransomware attack the morning before when employees found notifications from the virus protection software.

“This impacts access to our Electronic Health Record system. While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation,” the hospital said. 

“Once we learned about the incident, we immediately initiated an internal investigation and are working toward a solution. We are currently evaluating our options for restoration and recovery at this time. Please bear with us as you may experience longer wait times when you come to either the hospital or physician offices as we are working on a paper based process.”

The hospital did not respond to requests for comment and has not posted an update since Sunday. 

The 80-bed hospital serves the areas around Bainbridge — a town on the state’s southern border with Florida and Alabama. 

The attack was claimed on Tuesday by the Embargo ransomware gang, which is trying to extort a ransom out of the hospital by threatening to leak 1.15 terabytes of purportedly stolen data by November 8.

Embargo is a relatively new ransomware operation first observed by researchers earlier this year. The gang has stood out to cybersecurity experts because it uses a particularly powerful tool to disable the kind of endpoint detection and response that most organizations use for protection. 

ESET researcher Jan Holman said two weeks ago that the group is sophisticated and that its members told the security company it operates as a ransomware-as-a-service operator. 

The group has claimed attacks on multiple hospitals, including California’s NorthBay Vacaville Hospital, which was forced to turn patients away and cancel appointments following a ransomware attack. 

Idaho’s Weiser Memorial Hospital was also listed by the gang after the organization dealt with weeks of downed computer systems and phone lines. Last month, the hospital admitted the outages were caused by a cyberattack and acknowledged that it was investigating the claims made by Embargo operators. 

Microsoft said in September that it saw a threat actor it tracks as Storm-0501 deploying the Embargo ransomware, especially to target hospitals in the U.S.

“Operating under the RaaS model, the ransomware group behind Embargo allows affiliates like Storm-0501 to use its platform to launch attacks in exchange for a share of the ransom,” Microsoft explained. “Embargo affiliates employ double extortion tactics, where they first encrypt a victim’s files and threaten to leak stolen sensitive data unless a ransom is paid.”

Microsoft previously warned that between July 2023 and June 2024 389 U.S.-based healthcare institutions were successfully hit with ransomware. Ransom payments made by healthcare organizations have averaged about $4 million, the cybersecurity firm Sophos found.