GMH did not report breach to AG; nurses say patients’s lives at risk

Guam Memorial Hospital did not report the illegal breach of its systems to the attorney general of Guam. That breach by a foreigner caused GMH management to shut down its systems for more than a week, endangering the lives of patients who couldn’t even be given blood because they didn’t have printable identifying wrist bands, according to a nurse.

The breach happened two weekends ago, but GMH officials decided to withhold that information from the public and GMH employees until late Friday. That was when management held a closed-door ‘town hall’ meeting with its employees and some of its partners to disclose the problem. One of the meeting attendees recorded part of the meeting, and sent the recording to Kandit.

“People’s lives and safety are at stake,” a nurse said in the recording. Her colleague explained how the inability for the hospital to share records among staff and to print even identifying wrist bands has withheld critical care to patients.

“I’ve been a nurse for 22 years, and I’ve worked for about 50 hospitals, and we’ve had breaches before, and in 22 years I have never dreaded going into work,” the colleague said. “I have physically dreaded going in tomorrow knowing that all of our patients in the hospital at the moment are at risk. This is totally beyond unacceptable. This is beyond a disaster. We cannot continue to do this.”

“This is not safe,” he continued. “Last week we had patients that didn’t even have the arm band to be able to allow them to have blood product. I actually physically went to and tried to get the blood product and they denied me because we didn’t have anything to verify who that patient is. How can we continue to do this and render the safest care that we can? There’s no way we can. Administration is not where they need to be.”

According to GMH legal counsel Jeremiah Luther, the hospital’s IT staff began noticing unusual activity two Thursdays ago, which prompted a decision to shut down the hospital’s entire network. That included its phone lines, which management failed to consider would be affected. Over that weekend, the hospital authority issued a news release informing the public that calls could not be made to and from GMH via land line, and that the email system also was down temporarily. Those in the know at the time believed the network would be up and running within 48 hours, and no one would be the wiser.

“We have information that multiples breaches occurred,” Mr. Luther confirmed in the recording.

“We are going to have a third-party vendor coming in to render their expertise, we have Homeland Security right now on site working with our IT team and their experts are looking through our system, and we’re also hoping that the FBI – we expect the FBI – will come here and take a forensic look at our system as well,” Mr. Luther said in the recording.

And though multiple Guam laws were violated by the hackers, GMH did not inform the one person ultimately responsible for the investigation and prosecution of violators of those laws: Attorney General Douglas Moylan.

“I was unaware that GMHA had been the target of a cyber attack until your story [Friday],” Mr. Moylan told Kandit. “GMHA has not notified our office that I am aware of.  Their attorney is Jeremiah Luther and is not affiliated with our office. Had we been given authority to represent GMHA, we would have immediately investigated and been in a position to advise GMHA.”

“GMHA has been working with federal authorities on the investigation,” Mr. Luther told Kandit, when asked why his public agency did not report the crimes to the AG. “It is our intent to brief the attorney general on our findings as soon as we have the network up and running and our information techs can be available to answer questions. It is important to note that we believe the source of the breach was located off-island. Thus, the need to immediately involve the FBI.”

But Mr. Moylan was not having any of it.

“The Legislature should seriously consider changing the law to require all autonomous agencies to only receive legal advice and protection from the people’s elected chief prosecutor which is the elected attorney general,” Mr. Moylan said. “Guam law allows most autonomous boards and commissions to select, retain and fully control privately-hired and controlled attorneys and law firms.  Most of their attorneys they select are paid by the hour and do not answer directly to the taxpaying- and voting public like the elected AG does. Also these agency counsels have no power to criminally prosecute corrupt officials nor persons harming the taxpayer-funded agencies.”


  • Troy, please reach out to CMS and report this. Staff are unwilling to because of fear of retaliation. Show them your post. Concerned employee

Leave a Reply

Your email address will not be published. Required fields are marked *