Cyber Incident Victim: Newberry County Memorial Hospital

Newberry County Memorial Hospital in South Carolina experienced a ransomware attack in February 2021, as confirmed in a public statement released the following month. The hospital disclosed that the cyber incident occurred despite existing security measures but emphasized that no patient records or employee information were accessed or exfiltrated during the breach. While the exact date of the attack within February was not specified, the hospital's March announcement indicated the ransomware encryption event had been contained by that time. No operational disruptions to patient care services were reported in the available statements. The hospital did not identify the ransomware variant involved or specify whether attackers demanded payment. Third-party cybersecurity analysts monitoring dedicated leak sites observed no publication of hospital data following the incident as of March 13, 2021.

In response to the attack, Newberry County Memorial Hospital initiated security enhancements to strengthen defenses against future cyber threats, though specific technical measures were not detailed in public communications. The hospital maintained throughout its disclosures that forensic investigations found no evidence of unauthorized access to sensitive information, including medical records, insurance details, or personnel files. No breach notification appeared on the hospital's official website or through the U.S. Department of Health and Human Services' public breach reporting portal during the immediate aftermath. The absence of regulatory filings suggested the organization concluded the incident did not meet federal reporting thresholds for compromised protected health information. Recovery timelines and potential financial impacts were not disclosed in available reporting.