Cyber Incident Victim: Munson Healthcare
Date:
Oct 2023
Location:
United States of America
Summary
Munson Healthcare's Otsego Memorial Hospital experienced a cyberattack causing temporary computer system disruptions, though patient care continued via procedural workarounds. The incident, confined to this facility, prompted an ongoing investigation with external experts, with no current evidence of compromised patient data. While the attack's exact nature remains under review, officials acknowledged healthcare's vulnerability to such threats and emphasized continuous monitoring efforts to safeguard systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2023, Munson Healthcare’s Otsego Memorial Hospital (OMH) in Gaylord, Michigan, experienced a cybersecurity breach that forced the temporary shutdown of its computer systems. The incident, confirmed by Munson Healthcare’s Chief Marketing and Communications Officer Megan Brown, was isolated to OMH and did not affect other facilities within the Munson Healthcare network. Upon detecting the breach, hospital staff implemented emergency procedures and operational workarounds to maintain continuity of patient care services during the system outage. Brown emphasized that patient treatment proceeded without disruption despite the technical challenges. While the investigation, conducted with external cybersecurity experts, remained ongoing as of November 2023, hospital officials stated they had no evidence suggesting patient data was accessed or compromised. Brown declined to confirm whether ransomware or a specific threat actor was involved, citing the incomplete nature of the probe.
The OMH incident occurred against a backdrop of escalating cyber threats targeting Michigan’s healthcare sector, as highlighted by U.S. Senator Gary Peters during a March 2023 Homeland Security Committee hearing. Federal data indicated healthcare data breaches more than doubled between 2019 and 2021, with over 28.5 million records compromised nationally in 2022. The breach at OMH mirrored recent attacks on other regional providers, including an August 2023 ransomware incident against McLaren Health Care that potentially exposed 2.5 million patient records via the ALPHV/BlackCat group. Michigan Attorney General Dana Nessel reiterated concerns about healthcare organizations’ vulnerability to such attacks, emphasizing the responsibility to safeguard sensitive data. Munson Healthcare underscored its continuous monitoring and investments in cybersecurity defenses, though the OMH breach demonstrated persistent risks to hospital operational systems. The investigation continued to determine the attack’s origin, methodology, and full scope.