Cyber Incident Victim: Frederick Regional Health System
Date: Jan 2025
Location: United States of America
Summary
Frederick Health experienced a ransomware attack that prompted immediate containment measures, including taking systems offline while maintaining facility operations through established backup protocols and downtime procedures. The organization engaged third-party cybersecurity experts to restore systems and notified law enforcement, with ongoing efforts to determine potential personal data exposure. While most services remain operational, the incident caused temporary laboratory closures, delays in certain care areas, and disruptions to electronic prescription requests and patient portal access, requiring manual processes for medication refills and test result retrieval. Medical facilities continue to accept patients, utilizing alternative workflows to sustain care delivery during recovery operations.
Description
Frederick Health detected suspicious activity within its IT systems on January 27, 2025, subsequently confirming the incident as a ransomware attack. The organization initiated immediate containment measures, including proactively taking affected systems offline to limit further compromise. President and CEO Tom Kleinhanzl publicly acknowledged the event on February 6, 2025, confirming engagement with third-party cybersecurity specialists to restore operations while prioritizing patient care continuity. Law enforcement agencies were notified of the intrusion, though specific details regarding the attackers' identity or ransom demands were not disclosed. Critical healthcare facilities remained operational throughout the incident, with staff implementing established downtime protocols to maintain clinical services. The Emergency Department continued accepting walk-in patients and ambulance transports, though EMS providers coordinated potential temporary re-routes based on situational needs. Laboratory services experienced partial disruption, with the Frederick Health Village Laboratory location temporarily closed while other lab sites maintained operations.

The ransomware attack caused measurable service delays across Frederick Health's network, particularly impacting electronic systems supporting patient portals and prescription management. Medical Group locations operated under normal business hours but required patients to bring physical copies of medical histories, allergy information, medication lists, and test results to appointments due to electronic record inaccessibility. Prescription refill requests transitioned to telephone-based processing after electronic systems, including portal-based requests, became unavailable. Restoration teams prioritized system recovery and reported "significant progress" without giving specifics, and no definitive timeline for full restoration was provided. Investigators continued assessing whether personal data was exfiltrated during the breach, with commitments to notify affected individuals if evidence confirmed data exposure. Operational adjustments remained in effect during recovery efforts, including the sustained unavailability of the patient portal for accessing test results and the continued closure of the Village Laboratory location. Staff maintained patient care through manual documentation processes while cybersecurity experts worked to restore compromised systems.
