Cyber Incident Victim: Enloe Medical Center
Date: Jan 2020
Location: United States of America
Summary
Enloe Medical Center experienced a ransomware attack that encrypted data on its network, disrupting operations and forcing the rescheduling of elective procedures. The incident also deactivated hospital and clinic phone systems, though these were subsequently restored. While officials confirmed no evidence of patient medical data compromise, the attack hindered staff access to critical information. The organization engaged the FBI and a security consultant to restore systems and committed to providing further updates as recovery efforts progressed.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On or around January 3, 2020, Enloe Medical Center in California experienced a ransomware attack that disrupted hospital operations. The attack, which occurred on the preceding Tuesday, encrypted data stored on the hospital’s network, rendering it inaccessible to staff. This system-wide encryption forced the medical center to reschedule elective procedures, though emergency services remained operational. The incident also disabled the hospital’s internal and clinic phone systems, compounding operational challenges. Hospital officials confirmed the attack’s ransomware nature but did not disclose the specific variant or initial intrusion vector. By Friday, January 3, technicians had restored phone services, though network access and data recovery efforts continued.

Enloe Medical Center engaged the FBI and a third-party security consultant to investigate the incident and restore encrypted systems. Kevin Woodward, the hospital’s Chief Financial Officer, publicly stated that no evidence indicated patient medical data had been compromised during the attack. The hospital prioritized system restoration while maintaining critical patient care functions, though elective procedure delays persisted during recovery. Officials committed to providing further updates as the investigation progressed but did not specify a timeline for full system recovery. No ransomware group claimed public responsibility, and the hospital did not disclose whether a ransom was demanded or paid.
