Grays Harbor Community Hospital

On May 6, 2019, Grays Harbor Community Hospital experienced a ransomware cyberattack that led to a significant data breach, reported by the Washington State Attorney General's Office on January 29, 2021. The incident compromised the personal and medical information of approximately 5,136 patients, including 4,984 Washington residents. The exposed data included names, full dates of birth, and medical records, raising concerns about identity theft, fraud, and unauthorized access to sensitive health information. The breach posed serious risks to patient privacy and trust in the hospital’s cybersecurity measures. While the exact financial or operational impact on the hospital was not detailed, the exposure of medical information a highly sensitive category heightened the severity of the incident. Ransomware attacks often disrupt healthcare operations, potentially delaying critical services, though the article did not specify whether patient care was directly affected. The breach underscored vulnerabilities in the hospital’s data protection systems, necessitating strengthened security protocols to prevent future incidents.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10356

TPRM report: https://www.rankiteo.com/company/harbor-regional-health

"id": "har222090125",
"linkid": "harbor-regional-health",
"type": "Ransomware",
"date": "5/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': '5,136 (including 4,984 '
                                              'Washington residents)',
                        'industry': 'healthcare',
                        'location': 'Washington, USA',
                        'name': 'Grays Harbor Community Hospital',
                        'type': 'healthcare'}],
 'data_breach': {'number_of_records_exposed': '5,136',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII and medical data)',
                 'type_of_data_compromised': ['names',
                                              'full dates of birth',
                                              'medical information']},
 'date_detected': '2019-05-06',
 'date_publicly_disclosed': '2021-01-29',
 'description': "On January 29, 2021, the Washington State Attorney General's "
                'Office reported a data breach involving Grays Harbor '
                'Community Hospital, which occurred on May 6, 2019. The '
                'breach, classified as a ransomware cyberattack, potentially '
                'affected approximately 5,136 patients, including 4,984 '
                'Washington residents. The types of information potentially '
                'accessed included names, full dates of birth, and medical '
                'information.',
 'impact': {'data_compromised': ['names',
                                 'full dates of birth',
                                 'medical information'],
            'identity_theft_risk': 'potential'},
 'references': [{'source': "Washington State Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       "Attorney General's "
                                                       'Office'},
 'title': 'Grays Harbor Community Hospital Ransomware Attack (2019)',
 'type': 'ransomware'}