Cyber Incident Victim: Thundermist Health Center
Date:
Nov 2018
Location:
United States of America
Summary
Thundermist Health Center experienced a ransomware attack that disrupted its systems, prompting immediate action to protect patient and employee data with no evidence of compromise found. The organization activated its emergency response plan, canceling appointments that required electronic health records while maintaining safe patient care with minimal overall impact. It notified state health and law enforcement authorities and continued serving tens of thousands of patients across three communities during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 29, 2018, Thundermist Health Center in Woonsocket, Rhode Island, experienced a ransomware attack that disrupted its operational systems during the morning hours. The healthcare provider immediately activated emergency protocols to contain the incident and safeguard sensitive information, prioritizing the protection of patient and employee data. Amanda Barney, the organization’s associate vice president of communications and development, confirmed these actions in statements to local news outlet WPRI, emphasizing that no evidence of compromised data had been identified as of that evening. Thundermist’s public homepage statement reiterated this assessment, noting that the response included limiting the attack’s spread while maintaining safe patient care standards. The disruption necessitated the cancellation of appointments that could not proceed safely without access to electronic health records, though the center remained open for other services. Concurrently, Thundermist notified the Rhode Island Department of Health and the Rhode Island State Police to coordinate incident reporting and regulatory compliance.
The attack impacted Thundermist’s operations across its three primary locations in Woonsocket, West Warwick, and South County, which collectively serve tens of thousands of patients annually. While the specific ransomware variant and initial attack vector were not disclosed, the organization’s containment efforts prevented broader system compromise or data exfiltration. Patient care experienced minimal interruptions due to the implementation of contingency plans, though the cancellation of certain appointments demonstrated the reliance on electronic health records for clinical workflows. Thundermist maintained transparency through public communications, consistently asserting that no patient or employee information was accessed or exfiltrated during the incident. The healthcare provider concluded its initial response by continuing to monitor systems and collaborate with authorities, ensuring operational continuity while reinforcing data security measures.