Cyber Incident Victim: Monongalia Health System
Date: Dec 2021
Location: United States of America
Summary
Monongalia Health System experienced a cyberattack that disrupted IT systems and potentially compromised patient, employee, provider, and contractor data, though electronic health records remained secure. Attackers accessed the network for nearly two weeks, exfiltrating sensitive information including names, addresses, Social Security numbers, health insurance details, medical record identifiers, and treatment information. The organization responded by isolating affected systems, resetting credentials, enhancing network security, and alerting authorities, while initiating mailed notifications to impacted individuals. This incident followed a separate business email compromise earlier the same year involving unauthorized email system access, though the December breach represented a distinct intrusion vector.
Description
Monongalia Health System (Mon Health) experienced a cybersecurity incident involving unauthorized network access between December 8 and December 19, 2021. The organization first detected system disruptions on December 18, 2021, but only identified evidence suggesting potential data theft approximately two weeks later. Attackers infiltrated the healthcare provider's network for 11 days but were unable to compromise electronic health records systems. The breach exposed sensitive information including patient names, addresses, dates of birth, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, and medical treatment details. Employee, provider, and contractor data was also potentially compromised during the intrusion period. In response to the discovery, Mon Health immediately took affected network segments offline, initiated enterprise-wide password resets, implemented network hardening measures, and reported the incident to relevant authorities. The organization began mailing breach notifications to impacted individuals but did not disclose the total number of affected patients or employees.

This incident marked the second cybersecurity event disclosed by Mon Health within a four-month period. Between May 10 and August 15, 2021, the organization suffered a separate business email compromise (BEC) attack involving unauthorized access to its email systems. The earlier email breach impacted approximately 400,000 individuals according to December 2021 filings with the U.S. Department of Health and Human Services. The December network intrusion occurred despite these prior security challenges, with attackers maintaining persistent access across multiple critical systems for nearly two weeks before detection. While containment measures prevented electronic health record compromise, the breach exposed substantial volumes of sensitive personally identifiable information and protected health information across multiple stakeholder groups including patients, staff members, and business partners.
