
Cyber Incident Victim: FirstHealth

Date: Oct 2017

Location: United States of America

Summary

A healthcare organization experienced significant operational disruptions due to a malware infection identified as a new variant of the WannaCry ransomware. The attack forced the organization’s systems offline for multiple days to remove the threat, leading to appointment cancellations and delays in non-critical services while emergency care remained unaffected. Internal teams worked continuously to restore systems, with updates provided through official communication channels. The incident impacted affiliated medical offices across the region, though full restoration timelines were not publicly disclosed during the ongoing response efforts.


Description

A malware infection disrupted operations at FirstHealth of the Carolinas and multiple doctors’ offices across the Sandhills region beginning on or around October 17, 2017. The malware was detected in FirstHealth’s computer network midday on Tuesday, October 17, prompting the organization to take its systems offline to mitigate the threat. The incident persisted for several days, causing operational delays and appointment cancellations across non-critical services, though critical and emergent care remained unaffected. The malware was identified as a new variant of the “WannaCry” ransomware, which had previously caused widespread global disruptions in May 2017. FirstHealth’s network remained offline for an extended period as teams worked to remove the infection. The disruption impacted both the central healthcare system and affiliated medical practices in the region, though the exact number of affected entities was not specified.


FirstHealth responded by initiating remediation efforts immediately after detection, focusing on scrubbing the virus from its systems. The organization posted a public notice on its website by October 20, acknowledging the downtime and apologizing for inconveniences caused by appointment cancellations. Updates on remediation progress were promised via FirstHealth’s website and social media channels, though as of October 20, no updates had been posted to Twitter, and the website notice remained unchanged. Internal teams continued working to restore full system functionality, but the timeline for resolution was unclear. The incident underscored operational vulnerabilities to ransomware attacks, though no data theft or explicit ransom demands were mentioned in available reports. Patient care for urgent needs was maintained throughout the disruption, reflecting prioritized contingency measures during the outage.
