Cyber Incident Victim: Seneca Nation Health System
Date: Jun 2019
Location: United States of America
Summary
A cyber attack involving ransomware disrupted operations at Seneca Nation Health System and another healthcare provider, crippling computer systems and forcing a temporary shift to manual processes such as paper-based charting. The incident locked system access but did not compromise patient records, according to official statements from both organizations. Services remained available despite the IT outages, with recovery efforts underway to restore normal operations.
Description
On or around June 14, 2019, Olean Medical Group (OMG) experienced a cyberattack that crippled its computer systems, as confirmed in a press release faxed by the organization on June 17. Hackers deployed ransomware in an attempt to extort the medical group, though officials stated that none of the patient records, covering 40,000 individuals, were accessed during the breach. The attack forced OMG to suspend electronic charting operations, requiring staff to document patient care manually using pen and paper. Despite these disruptions, the medical group continued seeing patients throughout the incident response period. Concurrently, the Seneca Nation Health System (SNHS) faced similar operational disruptions, with its website publicly acknowledging system-wide computer outages. OMG officials explicitly linked SNHS’s incident to the same attack methodology targeting their own infrastructure, though SNHS did not confirm the ransomware vector in public statements.

Both healthcare providers maintained critical patient services despite significant IT infrastructure impairment. SNHS issued a notice on its website asserting no patient information was compromised during the outage, a claim consistent with ransomware incidents where data remains encrypted but unaccessed. Neither organization disclosed technical specifics regarding attack vectors, malware variants, or ransom demands. Recovery efforts involved restoring systems from backups or rebuilding affected infrastructure, though neither entity provided timelines for full restoration. The incidents exemplified operational resilience through contingency protocols, as both providers sustained clinical operations without electronic health record access. Lasting impacts included prolonged reliance on manual documentation processes and potential delays in administrative functions during the recovery phase.
