hiveleak attacks Johnson Memorial Health

Incident Date:

January 25, 2022

World map



hiveleak attacks Johnson Memorial Health


Johnson Memorial Health




Franklin, USA

Illinois, USA

First Reported

January 25, 2022

Johnson Memorial Health Suffers Ransomware Attack by Hiveleak Group

Johnson Memorial Health, a healthcare provider based in Franklin, Indiana, has been targeted by the ransomware group Hiveleak. The attack was announced on the group's dark web leak site, and the victim's website is Johnson Memorial Health operates in the Healthcare Services sector and has been a member of the Mayo Clinic Care Network since 2021.

The company, which has been reeling from the effects of the attack for over two years, was hit by the ransomware group in October 2021. The attack disrupted the hospital's operations, causing chaos and mayhem for months. Despite the disruption, patient care has not been compromised, and surgeries and appointments continue as normal, although registration may take longer due to the lack of computer usage.

Johnson Memorial Health is not the only healthcare provider to be targeted by ransomware attacks. In the aftermath of the attack, the focus often falls on the risk of confidential patient information being exposed, but these attacks can also leave hospitals hemorrhaging millions of dollars in the months that follow and cause disruptions to patient care, potentially putting lives at stake.

The attack on Johnson Memorial Health is part of a rising wave of cyberattacks on U.S. hospitals, with nearly 250 hospitals impacted by cyberattacks in 2022, far more than in prior years. In Indiana, where Johnson Memorial Health is located, 27 hospitals were hit by cyberattacks between 2010 and 2023.

The company's vulnerabilities in being targeted by threat actors are not explicitly mentioned in the search results. However, it is clear that despite investing millions in cybersecurity, healthcare providers remain vulnerable to cyberattacks. The FBI has taken down several ransomware groups, including the Hive, which was behind the attack on Johnson Memorial.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.