Cyber Incident Victim: Sonoma Valley Hospital

Date: Oct 2020

Location: United States of America

Summary

Sonoma Valley Hospital experienced a security incident that disrupted computer systems, triggering significant operational downtime. The facility maintained patient care through its business continuity plan, sustaining emergency services, surgeries, and most diagnostic procedures without interruption, though new patient portal results were unavailable post-incident. An investigation involving external experts was initiated to address the event, with no confirmation of data compromise or ransomware involvement in official statements. Systems remained partially restored during ongoing recovery efforts.

Description

On October 11, 2020, Sonoma Valley Hospital experienced a security incident that disrupted its computer systems, triggering what the organization described as a "significant downtime event." The hospital publicly disclosed the incident on October 22, 2020, confirming systems remained partially offline eleven days after initial detection. While the technical nature of the attack was not specified in official statements, the disruption necessitated immediate activation of business continuity protocols to maintain clinical operations. Emergency services continued uninterrupted 24/7 throughout the outage, with no reported cancellations of necessary surgeries or elective procedures. Diagnostic capabilities were largely preserved, though the hospital acknowledged some limitations in its public update. The patient portal remained accessible but ceased updating with new medical results following the October 11 disruption, creating potential information gaps for recent patients.

Sonoma Valley Hospital initiated an internal investigation immediately following the incident and engaged external cybersecurity experts to assist with forensic analysis and system restoration. Operational updates emphasized maintaining patient care through established contingency plans while technicians worked to fully restore affected systems. The hospital's October 22 statement provided no confirmation regarding potential data compromise, unauthorized access, or exfiltration of sensitive information. No ransomware claims or payment demands were referenced in official communications, though the prolonged system outage and restoration timeline suggested significant infrastructure impact. Public communications directed patients to contact providers directly for care-related inquiries while systems remained partially offline. The organization committed to providing additional updates as the investigation progressed, though no further details regarding root cause or data security were disclosed in the immediate aftermath.
