Cyber Incident Victim: Olean Medical Group
Date: Jun 2019
Location: United States of America
Summary
A cyber attack involving ransomware targeted a medical group, disrupting computer systems and forcing a temporary shift to manual pen-and-paper operations for patient charting while services continued. The attackers attempted to ransom the systems but did not access records for approximately 40,000 patients. A separate tribal health system experienced a similar system outage during the same period, though officials confirmed no compromise of patient information in that incident, suggesting parallel ransomware disruptions impacting healthcare operations.
Description
On June 14, 2019, Olean Medical Group (OMG) experienced a cyber attack that disrupted its computer systems. Hackers attempted to ransom the organization’s infrastructure, though OMG officials confirmed by June 17 that the attackers did not access records for 40,000 patients. The attack forced OMG to revert to manual operations, including charting patient information with pen and paper. Despite these disruptions, the medical group continued seeing patients throughout the incident. Around the same time, the Seneca Nation Health System (SNHS) appeared to suffer a similar attack, as its website reported system downtime, and OMG officials publicly linked the two incidents as involving the same attack type. SNHS also asserted no patient information was compromised, mirroring OMG’s statements.

OMG issued a press release via fax on June 17 detailing the attack’s immediate aftermath and recovery efforts. The group’s reliance on paper-based workflows underscored the severity of the system disruption, though patient care services remained operational. Both OMG and SNHS emphasized the absence of confirmed data breaches, suggesting the incidents likely involved ransomware that encrypted systems without exfiltrating sensitive records. No further technical details about the attackers’ methods, ransom demands, or specific systems affected were disclosed publicly. The attacks highlighted operational vulnerabilities, as prolonged IT outages necessitated manual workarounds for critical functions like medical charting. Recovery timelines and costs were not specified in available reports.
