Cyber Incident Victim: Guam Memorial Hospital
Date:
Mar 2023
Location:
United States of America
Summary
A cyberattack compromised Guam Memorial Hospital's computer network, prompting a precautionary systems shutdown after unauthorized access was detected. The hospital engaged federal and local cybersecurity agencies, confirming no breach of patient or employee data occurred. Restoration efforts prioritized reinstating phone lines and email services while upgrading network security protocols, with full operational recovery anticipated shortly under coordinated government support.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 2, 2023, Guam Memorial Hospital's IT Department detected unauthorized access to its computer network, triggering an immediate response. The hospital notified the Federal Bureau of Investigation and Guam Homeland Security within hours of discovery. Initial assessments found no evidence of compromise to patient health records or employee databases. As a precautionary measure on March 4, GMH administrators initiated a full network shutdown that disabled critical systems including phone lines and email communications. Hospital leadership briefed Governor Lou Leon Guerrero, who activated government resources to support recovery efforts. The coordinated response involved GMH's IT team working with Guam Homeland Security and the Guam Office of Technology to restore operations while implementing enhanced cybersecurity measures.
Restoration efforts prioritized reestablishing communication channels, with phone and email systems becoming operational during initial recovery phases. The hospital maintained patient services throughout the incident despite network disruptions. Full restoration of remaining systems was projected to occur shortly after the March 13 public disclosure, though no specific completion date was provided. The shutdown duration spanned at least nine days from initial detection through ongoing recovery. Government resources remained committed to returning all network functionality while strengthening defenses against future cyber threats, with no ransomware demands or data exfiltration reported during the incident.