Cyber Incident Victim: Wenco Management
Date: Aug 2022
Location: United States of America
Summary
A ransomware attack compromised legacy systems at a healthcare provider, encrypting data and potentially exposing patient information including personal and clinical details. The incident, discovered in mid-August, affected historical records stored to meet regulatory requirements, with no impact on active networks. While investigators found no evidence of data removal or misuse, the encryption prevented exact determination of compromised information. Affected individuals received credit monitoring and identity theft protection services. The organization secured the legacy network, removed access rights, retrained staff, and collaborated with law enforcement.
Description
On August 15, 2022, Ascension St. Vincent’s Coastal Cardiology in Georgia discovered a ransomware attack targeting several legacy systems, including an electronic medical record (EMR) platform. The security team immediately secured the affected legacy network upon detection but confirmed ransomware had already encrypted portions of its data. The attack did not compromise Ascension’s primary network or Coastal Cardiology’s active EMR system. A third-party forensic investigation determined an attacker accessed systems within the legacy Coastal Cardiology network, which Ascension maintained to retain historical patient data for regulatory compliance purposes. These legacy systems were not involved in current clinical or business operations. Investigators found no evidence that data was exfiltrated from the systems or misused by the threat actors. However, due to the encryption of the affected data, Ascension could not definitively identify the specific information compromised in the attack.

The legacy EMR contained personal and health information related to patient visits to Coastal Cardiology prior to October 5, 2021, including demographic details, insurance information, Social Security numbers, clinical treatment data, and billing records. Ascension issued breach notifications to an undisclosed number of potentially affected patients, offering complimentary two-year credit monitoring and identity theft detection services. The organization reported the incident to law enforcement and cooperated with their investigation. Internal response measures included initiating a security risk assessment, realigning staff responsibilities, revoking all access rights to the legacy systems, and conducting retraining for associates. No disruptions to active healthcare operations or current patient records systems occurred as a result of the incident.
