Cyber Attack On Montgomery General Hospital, WV

“D#nut Leaks had done more than add MGH’s name to their leak site. They had also dumped files from the hospital. DataBreaches asked how they gained access to MGH, the spokesperson answered, “via Microsoft Exchange exploit.” “

“Victims often do not respond to ransom demands or contacts from their attackers. In this case, MGH reportedly responded, and D#nut Leaks shared some chat logs with DataBreaches. The chat began on March 5 when someone showed up claiming to be a member of MGH’s executive team. D#nut’s negotiator (“d0nut”) told MGH "We are here to inform you that we have infiltrated your network and stayed there for 3 days (it was enough to study your documentation and gain access to your files and services). Also we have downloaded personal data related to your patients, employees and management. Since your business provides critical services and its infrastructure necessary for ordinary people health, we decided not to crypt or damage your network. But we still have downloaded sensitive data from there, so we could make a deal. We know that your IT team found us in your network, also we know that they installed Sentinel Antivirus to resist us. After few hours we removed this AV. At this point we made a decision not to damage your network, but to discuss this situation with your administration and negotiate about sensitive data we own from your network." “

“MGH did not make any counteroffer but asked for more information (an entire file tree and not just a partial one), a lower price, and more time. As we have seen in other cases, the hospital stated that as a non-profit, they could not afford what was demanded. The negotiator said they also had to go through specific processes to get board approval for expenses above a certain amount. There was no mention of any cyberinsurance. “