Cyber Incident Victim: St. Lawrence Health System
Date: Oct 2020
Location: United States of America
Summary
St. Lawrence Health System experienced a ransomware attack affecting computers at its Canton-Potsdam, Massena, and Gouverneur hospitals; the malware was identified as a previously unseen variant of Ryuk ransomware. Hospital officials stated that no patient or employee data appeared to have been compromised, a claim met with skepticism because ransomware operators can conceal the evidence that data was taken. The incident underscored ongoing concerns about ransomware operators' tactics against healthcare providers and the difficulty of confirming, after the fact, that no data left the network.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 27, 2020, the St. Lawrence Health System experienced a ransomware attack impacting computer systems across its three hospitals: Canton-Potsdam, Massena, and Gouverneur. The attack was first reported by external observers who noted characteristics consistent with ransomware, prompting speculation before any official confirmation. The health system acknowledged the incident on October 28 and identified the malware as a previously undocumented variant of Ryuk ransomware. Because the variant had not been seen before, responders had no existing indicators or behavioral profile to work from, which complicated the initial response. Hospital operations were disrupted, though the exact nature and duration of the clinical or administrative interruptions were not detailed in public statements.

St. Lawrence Health System officials asserted that no patient or employee data appeared to have been compromised, emphasizing that no evidence of data exfiltration had been detected. This claim was met with skepticism by cybersecurity outlets, including DataBreaches.net, which noted that ransomware actors frequently conceal evidence of data theft. The health system did not disclose specific containment measures, recovery timelines, or whether a ransom demand was issued or paid. External media coverage relied on the health system's limited public disclosures; no supplementary technical details regarding the initial entry point, lateral movement, or scope of encryption were released. The practical difficulty is that "no evidence of exfiltration" is only as strong as the telemetry behind it: without retained egress flow logs, proxy or DNS records, and endpoint data covering the days before encryption, a defender can show only that nothing was noticed, not that nothing was taken. The incident underscored operational vulnerabilities within regional healthcare infrastructure while highlighting the persistent challenge of definitively ruling out data exfiltration after a ransomware attack.
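To make the "absence of evidence" point concrete, the following is an added illustration (not code, data, or telemetry from the incident or from the health system) of the kind of egress check a responder would run before asserting that nothing was exfiltrated. It works over constructed NetFlow-style records: it baselines each internal host's daily bytes to external destinations, flags a host whose egress jumps by an order of magnitude, lists external destinations a host has never contacted before, and, just as importantly, reports inventory hosts for which no flow records exist at all. The internal address range, the host addresses, and the byte counts are all assumptions made up for the example.

```python
"""Egress baseline check over constructed NetFlow-style records.

Added illustration only: none of the addresses or byte counts below describe
the St. Lawrence Health System incident, whose telemetry was never published.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption for this example: one RFC 1918 range is "internal". A real run
# would take the address plan from the network inventory.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def _week(host, daily_bytes):
    # Constructed: seven days of steady HTTPS traffic to one external host.
    return [(f"2020-10-{d:02d}", host, "203.0.113.10", 443, daily_bytes)
            for d in range(19, 26)]


# Constructed records: (date, src_ip, dst_ip, dst_port, bytes).
# On 2020-10-26 host .21 pushes ~1.5 GB to a never-before-seen external IP,
# host .22 copies a large file to an internal server (not egress), and
# host .23 is in the inventory but has no records at all (collector gap).
FLOWS = (
    _week("10.0.5.21", 2_000_000)
    + _week("10.0.5.22", 2_500_000)
    + [
        ("2020-10-26", "10.0.5.21", "203.0.113.10", 443, 1_800_000),
        ("2020-10-26", "10.0.5.21", "198.51.100.7", 443, 1_500_000_000),
        ("2020-10-26", "10.0.5.22", "203.0.113.10", 443, 2_400_000),
        ("2020-10-26", "10.0.5.22", "10.0.8.3", 445, 900_000_000),
    ]
)
INVENTORY = {"10.0.5.21", "10.0.5.22", "10.0.5.23"}


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_by_host_day(flows):
    """Bytes from internal sources to external destinations, keyed (src, date)."""
    totals = defaultdict(int)
    for date, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, date)] += nbytes
    return totals


def flag_egress_outliers(flows, target_date, factor=10, min_bytes=100_000_000):
    """Hosts whose egress on target_date is at least factor x their baseline
    median and above an absolute floor. Returns {host: (target, baseline)}."""
    per_host = defaultdict(dict)
    for (src, date), nbytes in egress_by_host_day(flows).items():
        per_host[src][date] = nbytes
    flagged = {}
    for host, by_day in per_host.items():
        target = by_day.get(target_date, 0)
        baseline = [b for d, b in by_day.items() if d != target_date]
        if not baseline:
            continue  # no history to baseline against; handled as a coverage gap
        base = median(baseline)
        if target >= min_bytes and target >= factor * base:
            flagged[host] = (target, base)
    return flagged


def new_external_destinations(flows, target_date):
    """External destinations contacted on target_date that the same host had
    never contacted on any earlier day (dates are ISO strings, so they sort)."""
    history = defaultdict(set)
    for date, src, dst, _p, _b in flows:
        if date < target_date and is_internal(src) and not is_internal(dst):
            history[src].add(dst)
    new = defaultdict(set)
    for date, src, dst, _p, _b in flows:
        if (date == target_date and is_internal(src)
                and not is_internal(dst) and dst not in history[src]):
            new[src].add(dst)
    return {h: sorted(d) for h, d in new.items()}


def coverage_gaps(flows, inventory):
    """Inventory hosts with no flow records at all. A clean result for these
    hosts means nothing was observed, not that nothing happened."""
    seen = {src for _d, src, _dst, _p, _b in flows}
    return sorted(inventory - seen)


if __name__ == "__main__":
    print("outliers:", flag_egress_outliers(FLOWS, "2020-10-26"))
    print("new destinations:", new_external_destinations(FLOWS, "2020-10-26"))
    print("no telemetry for:", coverage_gaps(FLOWS, INVENTORY))
```

On the constructed data, only 10.0.5.21 is flagged (its 900 MB-style internal copy on 10.0.5.22 is correctly ignored because the destination is internal), 198.51.100.7 shows up as a first-seen destination, and 10.0.5.23 is reported as unobserved. The last result is the one that matters for a statement like the hospital's: a host with no records cannot be cleared, and a fleet where the collector covered only part of the network cannot support "no evidence of exfiltration" as a finding rather than as a description of what was looked at.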
