
Cyber Incident Victim: South East Regional Health Authority

Date: Jan 2023

Location: Jamaica

Summary

The South East Regional Health Authority experienced a ransomware attack disrupting information and communications technology systems, impacting public services. An opposition spokesperson raised concerns about potential ransom demands, the health authority's stance on payment, and whether sensitive patient data—including cancer treatment records—was compromised. The incident was initially reported with allegations of an attempted cover-up, though no threat actor claimed responsibility for the breach.


Description

On or around January 11, 2023, the South East Regional Health Authority (SERHA) in Jamaica experienced a cyberattack disrupting its information and communications technology systems and public-facing services. The incident, later identified as a ransomware attack, was first brought to public attention through a January 26, 2023 Jamaica Gleaner report. Junior Opposition Spokesperson on Science and Technology Omar Newell revealed he had received an anonymous tip about the breach on January 11, with the source predicting an attempted cover-up of the incident. Newell confirmed the validity of these warnings when SERHA’s systems became compromised, though the health authority itself did not initially disclose operational impacts or data exposure details. The attack impaired critical healthcare service delivery mechanisms, though specific affected facilities or duration of outages weren’t detailed in available reports.


Political pressure for transparency emerged as Newell demanded SERHA disclose whether hackers accessed a server containing sensitive cancer patient records and other critical medical data. He further challenged the health authority to reveal whether a ransom was demanded, the amount requested, and SERHA’s official stance on payment negotiations. No ransomware group claimed responsibility for the attack as of the last reported update on January 26, leaving the perpetrators unidentified. SERHA did not publicly confirm data exfiltration or provide technical details about the intrusion vector, containment measures, or recovery progress. The incident remained under investigation with unresolved questions about patient data security and institutional response protocols at the time of reporting.
