Wayne Memorial Hospital notifies 163K patients of 2024 ransomware breach

Over a year after the attack, Wayne Memorial Hospital has begun formally notifying patients that their personal and medical data were stolen.

 

What happened

Wayne Memorial Hospital, a rural facility in Jesup, Georgia, has sent out notification letters to 163,400 patients affected by a ransomware attack that took place in May 2024. The breach was discovered on June 3, 2024, though it was later confirmed that attackers had access to the hospital’s network starting May 30, 2024.

The Monti ransomware group claimed responsibility for the attack. The hackers exfiltrated patient data, encrypted files on the hospital’s network, and demanded a ransom payment. Wayne Memorial chose not to pay the ransom and successfully restored its systems using backups. However, the stolen data was posted to a dark web leak site that was later taken offline, after being viewed nearly 300,000 times.

 

Going deeper

Patients’ exposed information varied, but included combinations of highly sensitive data such as names, Social Security numbers, medical records, insurance details, diagnoses, financial account numbers, and prescription data.

While the breach was initially reported to regulators in August 2024 as affecting approximately 2,500 people, a more extensive forensic review revealed the true number was more than 160,000. The Maine Attorney General’s office has since received updated figures, though the federal breach portal has yet to reflect the new total.

Individual notifications began mailing on August 27, 2025. Wayne Memorial is offering complimentary credit monitoring and identity theft protection services to those affected. The hospital also stated that it has implemented additional cybersecurity measures to reduce the risk of future attacks.

 

What was said

Wayne Memorial stated that its IT systems were immediately secured after the attack and that the delay in patient notification was due to the extensive time required to review and verify the contents of the exfiltrated files. A press release was issued in August 2024 to alert the public, but personalized notifications were only recently completed.

The Monti ransomware group’s data leak site has since gone offline, but its posting regarding the hospital breach had received hundreds of thousands of views during its time online.

 

FAQs

What is the Monti ransomware group, and who do they typically target?

Monti is a ransomware group that emerged in 2022 and has been known to target healthcare institutions, government agencies, and educational entities, often using double extortion tactics (encryption plus data leaks).

 

Why did it take over a year to notify affected patients?

Reviewing large volumes of exfiltrated files to determine exactly which individuals were affected is a time-consuming process, especially for a smaller hospital with limited internal resources.

 

What is the difference between press announcements and individual breach notifications?

Press announcements serve as early public alerts, while individual notifications are legally required and must be tailored to each person whose data was compromised, detailing the specific risks.

 

Is it common for breach estimates to change after initial reporting?

Yes. Early breach reports are often based on preliminary findings. Detailed forensic investigations can later reveal much higher numbers of affected individuals.

 

What should patients do if they receive a breach notification letter?

Patients should activate any offered credit monitoring services, remain vigilant for signs of identity theft, and consider placing a fraud alert or credit freeze with major credit bureaus.
