Skip to main content

Memorial Health System Data Breach

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

Memorial Health System, out of Marietta, Ohio, has reportedly been forced to channel emergency care to other healthcare facilities following a suspected ransomware attack.

The Memorial Health System cyberattack occurred on August 15, forcing its hospitals to shut down IT systems. Urgent surgical appointments and radiology examinations were canceled the following day.

Memorial Health System operates three hospitals (Marietta Memorial, Selby, and Sistersville General Hospital), all of which have allegedly been affected by the data breach.

An investigation into the data breach has been launched to determine the extent of the data exposed and how much personal information may have been compromised. Memorial Health System officials say there is no evidence the cyberattack leaked employee or patient data, but an investigation is ongoing, and it is still possible that thousands of files were viewed or downloaded.

Memorial Health System Data Breach

At least one tech media outlet has reportedly seen evidence suggesting the Hive ransomware group was responsible for the data breach, suggesting that data may have been stolen. Ransomware attacks usually arrive in tandem with a data breach, and hackers typically spend time on the network to determine the most valuable systems before exfiltrating files and encrypting data. By exfiltrating a data set, threat actors have leverage to force the victim to pay a ransom in exchange for providing a decryption tool.

Bleeping Computer has reported that evidence suggests databases containing the protected health information of around 200,000 individuals were stolen, potentially leaking names, dates of birth, and Social Security numbers.