Atlantic General Hospital
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Atlantic General Hospital (AGH) in Berlin, Maryland, experienced a significant data breach due to a ransomware attack that was first detected on January 29, 2023. The breach initially appeared to impact over 30,000 patients, but subsequent investigations revealed that the number of victims was far greater, totaling nearly 137,000 individuals. This incident has led to a class action lawsuit against AGH, alleging negligence in protecting patient data.
Overview of the Breach
The ransomware attack encrypted files on AGH’s systems, limiting access to patient and employee data. Unauthorized access to AGH servers began on January 20, 2023, and continued until the attack was detected. The compromised information included names, Social Security numbers, dates of birth, driver’s license numbers, financial account details, medical record numbers, health insurance information, and detailed medical information such as diagnoses and treatments
Response and Recovery
AGH responded to the attack by engaging forensic investigators and cybersecurity consultants to assess the impact and restore network systems. The hospital continued to provide care using downtime procedures and reported the event to the FBI. Despite the disruption, essential services such as emergency care, primary care, and elective surgeries remained operational
AGH also implemented additional security measures to prevent future incidents
Legal and Regulatory Implications
A class action lawsuit was filed against AGH, accusing the hospital of failing to adequately protect sensitive patient data. The lawsuit seeks damages and injunctive relief, demanding improvements in AGH’s data security practices
The breach has also been reported to regulatory bodies, including the Maine Attorney General’s Office, highlighting the significant legal and regulatory fallout from such cybersecurity incidents