Cyber Incident Victim: Ohio Valley Medical Center
Date: Nov 2018
Location: United States of America
Summary
A ransomware attack disrupted emergency services at Ohio Valley Medical Center and East Ohio Regional Hospital, forcing the diversion of ambulance patients to other facilities while walk-in emergency cases were still accepted. The incident compromised computer systems, prompting IT teams to work continuously to restore normal operations within days. Despite the malware bypassing an initial security layer, redundant protections prevented any exposure of patient data or breaches of sensitive information. Emergency responders were notified to redirect patients until systems were fully recovered, though the hospitals maintained limited emergency room functionality throughout the incident.
Description
On November 23, 2018, a ransomware attack disrupted computer systems at East Ohio Regional Hospital and Ohio Valley Medical Center, collectively referred to as the Ohio Hospital System. The malware infection occurred on a Friday evening, forcing both facilities to implement emergency room diversions for patients arriving via emergency response squads. Area emergency medical services began transporting patients to alternative hospitals after receiving formal diversion notifications. The hospitals remained operational for walk-in emergency room patients despite the cyber incident. Karin Janiszewski, the hospitals' marketing and public relations director, confirmed the ransomware's role in the disruption and emphasized that no patient data breaches occurred due to redundant security measures blocking full system compromise.

The hospitals' IT teams initiated around-the-clock recovery efforts immediately following the attack, aiming to fully restore normal operations by Sunday, November 25. Janiszewski publicly stated that while the ransomware penetrated the first security layer, secondary defenses prevented unauthorized access to patient information. The incident exclusively impacted emergency squad patient admissions, with no reported effects on other hospital departments or data systems. Operational continuity was maintained for non-ambulance emergency cases throughout the incident period. Hospital administrators prioritized public reassurance regarding data security while managing acute service disruptions during the remediation process.
