Ransomware Attack Cripples Dozens of ‘Memorial Health System’ Hospitals

Last updated September 24, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The ‘Memorial Health System,’ a not-for-profit organization that operates 64 clinics in the states of Ohio and West Virginia, has announced a cybersecurity incident that unfolded early this Sunday, and the effects of which are persisting. The case appears to be a ransomware attack that has crippled dozens of hospitals and clinics in the region, resulting in surgery cancellations, patient diversions, and generally risking the lives of people who require medical attention and care.

The statement gives diversion instructions, rerouting patients to the nearest available clinics that operate normally. While all emergency departments will continue to accept those suffering from myocardial issues, strokes, and severe trauma, radiology, internal communications, financial operations, and some diagnostics are still not working. For now, the personnel in the affected hospitals will continue to work with pen and paper, as the IT teams work hard to get everything back online. As for the COVID-19 vaccinations, these have been canceled until further notice as well, including the walk-in points and all scheduled second doses.

The statement adds that no patient or employee information has been compromised as a result of the incident. However, the investigations are still underway, so no conclusive statements can be made yet. The three hospitals that appear to suffer the most damage are the Marietta Memorial Hospital, the Selby General Hospital, and the Sistersville General Hospital.

If you live near those clinics, make sure to be informed about secondary options in the area to keep them in mind in the case of an emergency. If you had an appointment scheduled, these would still be held even if doctors won’t have access to patient histories stored on the hospital’s database.

For now, there have been no leaks around which ransomware group is behind the attack or what infiltration point was exploited, and we weren’t able to find anything relevant posted on the various RaaS extortion portals. Either it’s too early in the negotiation phase, or the actors failed to exfiltrate useful data, something that would be quite rare, though.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: