Wayne Memorial Hospital in Jesup, Georgia, suffered a **ransomware attack** in **May-June 2024**, orchestrated by the **Monti ransomware gang**. The breach compromised **163,440 individuals'** highly sensitive data, including **Social Security numbers, financial account details (credit/debit cards, CVV codes), medical histories (diagnoses, treatments, prescriptions, lab results), health insurance numbers, state-issued IDs, and login credentials**. Initially, only **2,500 victims** were notified in August 2024, but the figure was later revised to over **160,000**. The attackers **encrypted hospital data** and threatened to leak stolen information by **July 8, 2024**, though the hospital neither confirmed the leak nor disclosed ransom payments. The breach exposed **patient and financial records**, posing severe risks of **identity theft, fraud, and medical data exploitation**. The hospital offered **12 months of credit monitoring** but faced criticism for the **delayed notification** (over a year post-breach). The attack disrupted operations, though the full extent of system downtime remains undisclosed. Monti, a successor to the Conti gang, is known for **double extortion (data theft + encryption)** and has previously targeted healthcare providers, including **Excelsior Orthopedics (394,752 victims)** and **ASL Italy (month-long disruption)**.
TPRM report: https://www.rankiteo.com/company/wayne-memorial-hospital-wmh
"id": "way0092700090825",
"linkid": "wayne-memorial-hospital-wmh",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '163,440',
'industry': 'Healthcare',
'location': 'Jesup, GA, USA',
'name': 'Wayne Memorial Hospital',
'size': '84 beds, 500 employees',
'type': 'Hospital'}],
'customer_advisories': '12 months of free fraud assistance and credit '
'monitoring through CyberScout (enrollment deadline: '
'90 days from notice receipt)',
'data_breach': {'data_encryption': 'Yes (ransomware encrypted some data)',
'data_exfiltration': 'Yes (claimed by Monti, but not '
'confirmed by hospital)',
'number_of_records_exposed': '163,440',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Information',
'Authentication Credentials']},
'date_detected': '2024-06-03',
'date_publicly_disclosed': '2024-08-01',
'description': 'Wayne Memorial Hospital in Jesup, GA confirmed a May 2024 '
'data breach that compromised personal and medical information '
'of 163,440 individuals. The ransomware gang Monti claimed '
'responsibility and threatened to leak stolen data by July 8, '
'2024. The hospital detected the ransomware event on June 3, '
'2024, with unauthorized access occurring between May 30, '
'2024, and June 3, 2024. The hospital is offering 12 months of '
'free fraud assistance and credit monitoring to victims.',
'impact': {'brand_reputation_impact': 'High (due to sensitive data exposure '
'and delayed notification)',
'data_compromised': ['Names',
'Social Security numbers',
'User IDs and passwords',
'Financial account numbers',
'Credit and debit card numbers (including '
'expiration dates and CVV codes)',
'Medical history',
'Diagnoses',
'Treatments',
'Prescriptions',
'Lab test results and images',
'Health insurance, Medicare, and Medicaid '
'numbers',
'Healthcare provider numbers',
'State-issued ID numbers (e.g., driver’s '
'license)',
'Dates of birth'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Limited number of WMH systems'},
'investigation_status': 'Ongoing (forensic investigation completed, but '
'details not fully disclosed)',
'motivation': 'Financial (Ransom)',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Claimed by Monti',
'ransomware_strain': 'Monti'},
'references': [{'source': 'Comparitech'},
{'source': 'Wayne Memorial Hospital Notice to Victims'}],
'response': {'communication_strategy': 'Public notification and victim '
'letters with enrollment deadline for '
'credit monitoring',
'incident_response_plan_activated': 'Yes (forensic investigation '
'conducted)',
'third_party_assistance': 'CyberScout (for fraud assistance and '
'credit monitoring)'},
'threat_actor': 'Monti',
'title': 'Wayne Memorial Hospital Data Breach and Ransomware Attack',
'type': ['Data Breach', 'Ransomware Attack']}