Cyber Incident Victim: Four Winds Hospital
Date: Sep 2020
Location: United States of America
Summary
Four Winds Hospital experienced a ransomware attack that disrupted access to its computer systems for two weeks. The organization engaged law enforcement and cybersecurity experts, who found no evidence that encrypted data, email, cloud systems, or electronic medical records were compromised. Attackers accessed password-protected files containing historical patient information, including names, medical record numbers, and—for a limited subset—Social Security numbers and treatment details from as early as 1983. The hospital asserted that forensic evidence indicated the attackers deleted accessed files, though this could not be independently verified. Remedial measures were implemented to prevent future incidents.
Description
On September 1, 2020, Four Winds Hospital in Katonah, New York, discovered it had fallen victim to a ransomware attack that blocked access to its computer systems. The attack left the hospital unable to operate its networks for two weeks following detection. Hospital administrators immediately notified New York State and federal law enforcement agencies, initiating an investigation into the incident and the responsible cybercriminals. Security teams locked the attackers out of further system access and engaged cybersecurity experts to assist with response efforts and forensic analysis. Investigators attempted to verify whether patient data had been compromised; the hospital stated it had obtained evidence suggesting the attackers deleted any files they possessed, though this evidence could not be independently confirmed.

Forensic analysis determined that encrypted data fields, email systems, cloud-based applications, and the electronic medical record system remained inaccessible to the attackers during the breach. The attackers did, however, access password-protected data files, prompting a manual file-by-file review to identify exposed patient information. This review found that the compromised material included comprehensive lists of patient names and medical record numbers spanning 1983 to September 2020. Approximately 100 records contained Social Security numbers, while files dating to 2013 held limited treatment information. Medicare patients admitted before 2019 were affected because the hospital had historically stored SSNs taken from Medicare cards that displayed those numbers. The hospital implemented measures to prevent recurrence but did not disclose whether a ransom was paid or specify operational disruptions beyond the two-week system lockdown. No independent verification confirmed the attackers' data deletion claims or the full efficacy of the containment actions.
