Rural Georgia Hospital Confirms Massive Ransomware Breach, Notifies 163,000 Patients Fifteen Months Later
- Cyber Jack
- 10 hours ago
Wayne Memorial Hospital, an 84-bed facility in Jesup, Georgia, has confirmed that a ransomware gang made off with sensitive patient information more than a year ago. The hospital has now begun sending notification letters to the 163,400 people whose records were swept up in the attack.
The breach was first detected on June 3, 2024, after attackers had already been inside the network for several days. During that window, the Monti ransomware group exfiltrated files, encrypted hospital systems, and demanded payment to prevent the release of data. Wayne Memorial refused to pay, instead restoring operations from backups after pulling systems offline.
Monti publicly claimed responsibility and posted the hospital on its leak site, which racked up nearly 300,000 views before the site went dark. Although the group’s platform has since disappeared, the exposure of personal and medical details is permanent.
The Scope of Stolen Data
Letters sent out at the end of August detail just how much information was compromised. Depending on the patient, stolen files could include Social Security numbers, driver’s license details, financial and credit card data, insurance and Medicare IDs, clinical diagnoses, prescription histories, lab results, and even login credentials.
The initial report to federal regulators estimated only 2,500 patients were impacted. But filings to the Maine Attorney General revealed the much larger scale of the breach. As of this week, the Department of Health and Human Services breach portal has not been updated to reflect the revised number.
Wayne Memorial said it has “implemented additional cybersecurity measures” and is providing complimentary credit monitoring and identity theft protection.
Expert Warnings
Security experts say the attack is part of a broader pattern of ransomware operators exploiting the healthcare sector.
“As breaches become increasingly sophisticated and rapid, supercharged by AI and associated AI Agents, safeguarding sensitive health records and PII must remain a top priority,” said Chris Sault, Director of Healthcare at Ping Identity. “Compromised data not only raises compliance concerns—it erodes patient trust. By adopting a mindset where 'only the verified can be trusted' and following a strategic Zero Trust framework, healthcare organizations can minimize exposure risks, ensure long-term security and strengthen patient confidence and loyalty.”
Monti’s tactics are well known to researchers.
“The hospital has not confirmed the threat actor’s identity, but Monti claimed responsibility and threatened to leak data by July 8, 2024,” said Lidia López, Senior Threat Intelligence Analyst at Outpost24. “Monti is a ransomware group that emerged in mid-2022 and operates a double-extortion model: encrypting files while exfiltrating data for publication on its Data Leak Site (DLS).”
She added that the group has previously targeted healthcare providers including Spine West and Excelsior Orthopaedics, often exploiting edge vulnerabilities and VMware ESXi servers. Although Monti’s leak site has been offline since May, López warned that Wayne Memorial patients face long-term risks: “Given the Wayne Memorial breach exposed Social Security numbers, payment cards, and medical records, patients now face long-term risks of identity theft, medical fraud, and targeted scams.”
A Slow Path to Notification
The timeline underscores the challenges hospitals face in sorting through exfiltrated data. Wayne Memorial first acknowledged the incident publicly in August 2024, but it took more than a year to complete the review of affected files and issue personalized notices. For the rural community the hospital serves, that delay may prove just as damaging as the breach itself.