Cyber Incident Victim: Northern Light Health
Date: Feb 2024
Location: United States of America
Summary
A cyberattack targeted Northern Light Health, prompting the organization to proactively take all servers offline as a precaution after detecting system abnormalities. While no patient data was confirmed compromised and affected servers did not contain medical records, electronic health records and sensitive systems were temporarily inaccessible, with downtime procedures ensuring uninterrupted patient care across all hospitals and facilities. The incident involved no ransom demands or third-party contact, and critical infrastructure like HVAC and security systems remained under internal control. Authorities were notified, and restoration efforts were prioritized alongside ongoing investigations into the breach.
Description
On February 3, 2024, Northern Light Health detected an abnormality in its computer systems, prompting an immediate investigation. Suzanne Spruce, a senior vice president, confirmed the organization identified a cyberattack affecting some servers and chose to take all systems offline as a precautionary measure, despite confirming no patient records resided on the compromised servers. The decision caused unplanned network downtime, requiring hospitals and nursing homes to implement established downtime procedures for clinical operations. Northern Light Health emphasized patient care remained unaffected across its 10 hospitals and 8 nursing homes, with all facilities staying open during the incident. The organization’s Sunday statement noted teams worked continuously through the weekend to inspect servers and restore functionality, anticipating electronic medical records would return online by Monday. No evidence emerged suggesting data exfiltration, ransom demands, or third-party contact related to the attack. Northern Light Health maintained full control over critical infrastructure systems, including HVAC and physical security, throughout the event.

The healthcare provider proactively reported the incident to unspecified authorities while publicly countering misinformation about data compromise and ransom demands. Their February 4 update clarified the voluntary nature of taking sensitive systems offline, including electronic health records, to facilitate investigation and repairs. Northern Light Health’s 10,000 employees continued providing services using contingency protocols designed for system outages. Restoration efforts prioritized patient safety and privacy, with no disclosures regarding attack vectors, threat actors, or forensic findings. The organization committed to sharing additional details with patients, staff, and communities as the investigation progressed, maintaining operational continuity across its Maine healthcare network during remediation.
