25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Memorial Hospital and Manor Recovering from Ransomware Attack

Posted By on Nov 5, 2024

Memorial Hospital and Manor in Georgia warned patients about a ransomware attack less than 24 hours after the attack was detected. Cornerstone Healthcare Group Management Services has notified patients about a cyberattack detected in mid-December 2023.

Memorial Hospital and Manor Recovering from Ransomware Attack

A small rural hospital in Georgia has alerted patients about a recent ransomware attack that has prevented access to its IT systems, including its electronic medical record (EMR) system, email system, and website. Memorial Hospital and Manor, an 80-bed hospital and 107-bed long-term care facility in Bainbridge, Georgia, issued a statement on its Facebook page on November 3, 2024, warning patients that a ransomware attack was detected in the morning of November 2, 2024.

The hospital told patients that while access to IT systems has been disrupted, care continues to be provided to patients and the attack is not having any impact on the level or quality of care; however, since the hospital has switched to downtime procedures and is recording patient information manually, patients may experience longer wait times.  The rapid announcement was made because the hospital wishes to remain fully transparent about the security incident.

Memorial Hospital and Manor said the attack was detected when employees started seeing alerts from its antivirus solution about potential risks. An internal investigation was immediately launched to confirm the scope of the incident, which determined that certain information was accessed and acquired in the attack. The file review concluded on January 31, 2025, and it was confirmed that names, Social Security numbers, dates of birth, health insurance information, medical treatment information, and medical histories were involved. Notification letters were sent on February 7, 2025, to the 120,085 individuals potentially affected who have been offered complimentary credit monitoring services for 12 months. Memorial Hospital has implemented additional security measures to strengthen data security and prevent similar incidents in the future.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Cornerstone Healthcare Group Management Services Notifies Patients About December 2023 Data Breach

Cornerstone Healthcare Group Management Services, a provider of support services to healthcare facilities, including Cornerstone’s long-term acute care, senior living, and behavioral health services in Arizona, Arkansas, Louisiana, Oklahoma, Texas, and West Virginia, has alerted patients about a December security incident that exposed their protected health information.

Suspicious activity was identified within its network in mid-December 2023, and an investigation was launched to assess the scope and cause of the incident. Assisted by third-party cybersecurity experts, Cornerstone determined there had been unauthorized access to its network and that a data breach occurred on December 19, 2023, although there was no impact on the delivery of care at any point. On May 30, 2024, Cornerstone confirmed that the personal and protected information of patients of current and former clients was among the compromised data. The affected data was reviewed, and now that the results have been validated, notification letters are being sent to the affected individuals who have been offered complimentary credit monitoring and identity theft protection services.

The data compromised in the incident included names, dates of birth, Social Security numbers, federal or state ID numbers, financial account information, credit or debit card information, digital signatures, email addresses and passwords, usernames and passwords, passport numbers, medical/health information, health insurance information, and other protected health information. Cornerstone said it is continuing to strengthen the security of its systems to prevent similar breaches in the future. The HHS’ Office for Civil Rights was provided with a placeholder estimate of 501 affected individuals. The total was later updated to 484,957 individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist