Wayne Memorial Hospital ransomware attack exposes data of 163,000 patients

Wayne Memorial Hospital, an 84-bed community hospital located in Georgia, is reporting a ransomware attack that compromised information of 163,440 individuals. The incident, occurred between May 30 and June 3, 2024, was claimed by the Monti ransomware group.

The attack was discovered on June 3, 2024, when Wayne Memorial Hospital detected a ransomware event. The attack encrypted some of WMH's data, and left a ransom note on WMH's network. 

WMH initially reported the hacking incident to federal regulators in August 2024 as affecting only 2,500 people. Further investigation confimed that the number of affected individual is 163,440 patients in September 2025.

The exposed data includes:

• Names, dates of birth, and Social Security numbers
• Driver's license numbers and state identification numbers
• User IDs and passwords for hospital systems
• Financial account numbers and credit/debit card information
• Medicare and Medicaid numbers
• Health insurance member numbers and healthcare provider numbers
• Medical diagnoses, treatment histories, and prescription information
• Laboratory test results and medical imaging records

Wayne Memorial Hospital has provided notification letters to affected individuals and is offering victims 12 months of free fraud assistance and credit monitoring. The hospital has advised affected individuals to be careful of phishing and consider placing fraud alerts with credit bureaus.