Sonoma Valley Hospital Security Incident Blamed on Ransomware

The security incident triggered a significant downtime event, according to the hospital.

UPDATE NOVEMBER 3, 2020: The October 11 security incident that happened at Sonoma Valley Hospital is now being classified as a ransomware attack. It is believed to be part of a coordinated Russian operation targeting as many as 400 U.S. hospitals, reports the Press Democrat.

The hospital said that in response to the attack, it quickly stopped the incident by taking its electronic systems offline. The medical facility didn’t pay the attackers any ransom. While all of this was happening, the hospital was still able to provide emergency care and perform surgeries, as well as perform most diagnostic tests.

According to a statement by the hospital:

After discovering the attack, our cyber security team – in partnership with outside information technology and forensics experts – successfully prevented the cybercriminal from blocking our system access and ultimately expelled them from our system. Prior to our locking out the cybercriminal, the cybercriminal may have removed a copy of a subset of data.

Based on the reports of the investigation, it is possible that some patient medical information was compromised. We do not believe that patient financial information such as financial account information or payment information was affected. Sonoma Valley Hospital’s electronic health record system was not affected by this incident. The forensic investigation is ongoing to identify individual patients potentially affected and specific data involved. We will notify affected patients, as appropriate, when we have more detailed information available to us.


Sonoma, California – Sonoma Valley Hospital reported last week that a security incident shut down its computers.

In its October 22 notice to patients, the hospital said the October 11 incident “triggered a significant downtime event”:

Currently, the Hospital is maintaining operations while computer systems are being fully restored. We have maintained the ability to care for patients using our business continuity plan.

  • Emergency Care remains available 24/7. Necessary surgeries and elective procedures have not been disrupted by the incident.
  • The majority of diagnostics are being continued without interruption.
  • The patient portal remains available but new results have not been posted to the portal since October 11.

The Hospital immediately initiated an investigation. We have partnered with outside experts to help us investigate and remedy this incident. We will provide updates as the investigation progresses.

Some patients who were waiting for their test results were repeatedly told to check back with the hospital, reports the Sonoma Index-Tribune. One woman attempting to schedule a mammogram told the newspaper she was delayed in making her appointment for at least a week due to Sonoma Valley’s computer problems.

It is unclear what caused the security incident and if it was ransomware.

Sonoma Valley Hospital is just the latest medical facility to experience IT disruptions. In September, the computer networks of all 250 Universal Health Services facilities were affected by a malware attack.

Such breaches are expensive. In mid-October, 28 states won a nearly $5 million judgement against Tennessee-based CHS/Community Health Systems Inc. and its subsidiary, CHSPSC LLC, over a 2014 data breach that affected approximately 6.1 million patients. The settlement followed a $2.3 million settlement by the Department of Health and Human Services Office for Civil Rights over the same security incident.

The average cost of a data breach in the healthcare industry is $7.13 million, which is nearly double the average cost in other sectors.

About the Author

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.
