Money Message ransomware gang claims attack on Anna Jaques Hospital
Learn More
The Money Message ransomware group have claimed responsibility for orchestrating a cyberattack on Anna Jaques Hospital (AJH) in Massachusetts on Christmas Day. They claim to have exfiltrated 600GB of data from AJH and mentioned possessing data from its parent network, Beth Israel Lahey Health, without specifying a ransom demand.
AJH acknowledged the cybersecurity incident on January 5, detailing their prompt response to secure their systems and prioritize patient safety and privacy. This incident disrupted AJH's electronic health records system and forced them to divert ambulances on Christmas Day, but currently the hospital is fully operational.
No details are disclosed about the nature of the attack, impacted data or individuals.
This attack was part of a larger pattern where ransomware groups specifically target healthcare institutions and non-profits during holidays, taking advantage of reduced IT staff.
Update - as of 7th of December 2024, Anna Jaques Hospital confirmed the security incident. The investigation concluded on November 5, 2024, following detailed forensic analysis and manual document review.
The investigation confirmed that an unauthorized party had gained access to sensitive files containing various types of personal and medical information. The compromised data includes:
- Demographic information
- Medical records
- Health insurance information
- Social Security numbers
- Driver's license numbers
- Financial information
- Additional personal and health records
The total number of affected individuals is about 310,000.
While the hospital claims that there is currently no evidence of fraud related to the breach, they began notifying potentially impacted individuals by mail on December 5, 2024, as part of their incident response protocol.
