Cyber Incident Victim: Samaritan Medical Center
Date:
Jul 2020
Location:
United States of America
Summary
A malware attack disrupted operations at Samaritan Medical Center, a major regional healthcare facility in upstate New York, causing weeks-long system outages that prevented access to electronic medical records and disrupted payroll and accounting functions. While patient care continued, some non-urgent procedures required rescheduling during network restoration efforts. The organization confirmed no evidence of compromised patient data but faced prolonged recovery challenges, gradually restoring critical systems including EMRs and communications platforms while working to fully reinstate its entire network infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Samaritan Medical Center, a 290-bed not-for-profit hospital in Watertown, New York, experienced a significant malware attack beginning around July 6, 2020, which disrupted critical systems for approximately three weeks. The attack prevented medical staff from accessing electronic medical records (EMRs), severely impacting clinical operations at the facility that serves as the largest hospital in its northern New York region and generates $395 million in annual economic activity. Payroll and accounting systems were also compromised, creating additional operational challenges. Despite these disruptions, the medical center continued providing patient care throughout the incident, though it was forced to reschedule a limited number of non-urgent procedures to maintain safety standards. The hospital publicly acknowledged the "potential security incident" on July 29, 2020, after which external communication became severely constrained—multiple email systems experienced network errors, forcing the institution to primarily use its Facebook account for official updates.
By late July 2020, Samaritan Medical Center had partially restored core systems, with EMRs and financial platforms returning to functionality first. Full network restoration remained ongoing at the time of their July 29 statement, though basic communications channels including phones and the official website had been reactivated. Hospital administrators confirmed there was no evidence of patient data compromise during the attack but did not disclose technical details about the malware or identify potential threat actors. The incident occurred amid heightened cybersecurity threats to healthcare organizations during the COVID-19 pandemic, with attackers exploiting pandemic-related operational strains and increased reliance on remote-access technologies. This disruption mirrored broader patterns of cyberattacks targeting healthcare providers and medical research entities globally during the public health crisis, though no direct connection was established between Samaritan's incident and other contemporaneous attacks.