Myrtue Medical Center, a critical access hospital in Harlan, Iowa, has allegedly been targeted by the “wordleaks” ransomware group. The group claims to have exfiltrated a significant amount of data from the hospital’s systems. Myrtue Medical Center is a vital healthcare provider for Shelby County and surrounding communities, offering a wide array of services including emergency care, surgical procedures, and primary and behavioral health services. The institution has been nationally recognized for its quality of care.
The ransomware group alleges to be in possession of 1.2 terabytes of data, encompassing 806,625 files, which have not yet been publicly released. An attack on a healthcare provider of this significance raises serious concerns about the potential exposure of sensitive patient and operational information. The compromise of such a large volume of data could have considerable consequences for both the hospital and its patients.
While the full extent of the alleged breach is not yet clear, the stolen data could potentially include a wide range of sensitive information. At this time, the hospital has not publicly confirmed the attack. The potential leaked data may include:
- Patient medical records and history
- Personal identifiable information of patients and staff
- Financial and billing information
- Internal hospital operational documents
