Cyber Incident Victim: Lawrence General Hospital
Date: Sep 2020
Location: United States of America
Summary
A Massachusetts hospital experienced a disruptive cybersecurity incident requiring systems to be taken offline for approximately 36 hours to secure data, prompting ambulance diversions to other facilities while walk-in emergency patients continued receiving care. Staff maintained operations through manual documentation, phone communications, and in-person coordination, implementing established downtime protocols typically reserved for planned maintenance. Clinical systems were restored following the incident, allowing normal patient care activities to resume.
Description
Lawrence General Hospital experienced a disruptive cybersecurity incident beginning on September 19, 2020, prompting an immediate operational response. The hospital took all systems offline for approximately 36 hours as a precautionary measure to secure data, activating established downtime procedures typically reserved for planned maintenance or emergencies. This system shutdown necessitated the diversion of ambulance traffic to other regional emergency centers during the outage period, though walk-in patients continued to receive care at the facility. Clinical staff maintained patient care operations through manual documentation methods, including handwritten medical forms, while relying on verbal communication via telephone and in-person meetings to coordinate treatment. Hospital leadership notified surrounding medical facilities and emergency responders about the activation of downtime protocols to facilitate coordinated ambulance rerouting.

The incident investigation remained ongoing as of October 1, 2020, with hospital officials working to determine the precise nature and scope of the security event. No specific details regarding potential data compromise or attacker methodology were disclosed in initial reports. Major clinical systems were restored to operational status following the 36-hour outage period, allowing the hospital to resume normal patient care activities. The response highlighted the implementation of pre-existing contingency plans designed for system disruptions, with the hospital spokesperson emphasizing that similar protocols were routinely employed during scheduled maintenance events. No further information was provided regarding long-term operational impacts, forensic findings, or potential data exposure resulting from the incident.
