Cyber Incident Victim: Johnson Memorial Health

On March 21, 2022, the Hartford, Connecticut-based law firm Reid and Riege detected a security breach involving unauthorized access to its systems. The subsequent forensic investigation confirmed the intrusion persisted until March 27, 2022, during which attackers deployed malware compromising sensitive data. Johnson Memorial Hospital in Stafford Springs, Connecticut—a Trinity Health of New England affiliate—was notified of the incident on May 27, 2022, as the law firm’s compromised systems contained patient personal and protected health information. The hospital’s data exposure stemmed from its association with Reid and Riege, though the specific types of information accessed were not publicly disclosed by either entity. No evidence indicated targeted theft of hospital records, but the malware attack created a pathway for potential exfiltration of identifiable patient details. The investigation did not establish whether attackers actively viewed or extracted hospital-related files during the six-day breach window.

Johnson Memorial Hospital acknowledged the incident but did not disclose remediation measures or identity protection services offered to patients. The scope of impacted individuals remained undetermined at the time of public reporting, with no confirmation of whether Social Security numbers, medical histories, or financial data were among the exposed elements. Reid and Riege’s investigation confirmed the breach timeline but did not attribute the attack to a specific threat actor or motive. No reports of identity theft or fraudulent misuse of hospital patient data were linked to the incident following the law firm’s disclosure. The hospital deferred to Reid and Riege’s oversight of the forensic review without detailing internal security adjustments or coordination with regulatory bodies.