Last Thursday, Tallahassee Memorial HealthCare (TMH) in Florida was forced to take its IT systems online, divert ambulances, and suspend all non-emergency medical procedures due to a cyberattack. The hospital issued a statement confirming that it would only be accepting patients with Level 1 traumas from its immediate service area while the cyberattack is investigated and systems are restored.
The hospital said the attack only affected specific systems, but other, unaffected systems were taken offline to contain the attack. Systems are being prioritized and will be brought back online one by one when it is safe to do so. On Thursday, the hospital could not provide any information on the likely timeframe for recovery but said updates will continue to be provided on its website. On Sunday, a statement was issued confirming progress is being made restoring systems, that TMH Physician Partners are still operational, and they will start seeing patients as scheduled from Monday, February 6, 2023; however, all non-emergency surgeries and outpatient procedures scheduled for Monday had been canceled and rescheduled. TMH also confirmed in the Sunday update that downtime procedures are still in place and patient information is being recorded on paper. The ambulance diversion remains in place for certain patients.
“Our teams are working around the clock in collaboration with outside consultants to investigate the cause of the event and safely restore all computer systems as quickly as possible. IT security events take time to investigate and resolve,” explained TMH in its Sunday statement. “Our investigation is ongoing and, as is typical in such situations, we expect it will take some time to determine exactly what happened.” A TMH spokesperson said, “Patient safety remains our number one priority, and protocols for system downtime are being followed to minimize disruption.” The nature of the cyberattack was not disclosed.
The announcement comes just a few days after Atlantic General Hospital in Maryland confirmed that had suffered a ransomware attack, which similarly forced a shutdown of its IT systems. While some ransomware groups have policies that prohibit their affiliates from conducting attacks on the healthcare sector, several groups actively target health systems, hospitals, and other healthcare organizations. In December, an affiliate of the LockBit ransomware group conducted an attack on Hospital for Sick Children (SickKids). The group later issued a statement that the affiliate responsible had violated its terms and conditions and provided the keys to SickKids to allow data to be decrypted for free. However, LockBit recently published data on its data leak site allegedly stolen in cyberattacks on Juva Skin & Laser Center in New York, Arizona Liver Health, and Jackson & Joyce Family Dentistry in Florida. Those healthcare providers have yet to issue public statements about any cyberattacks.
The health sector is also coming under attack from Russian hacktivists in response to the U.S. policy of providing military hardware to assist Ukraine. The pro-Russian hacktivist group Killnet is conducting a campaign of distributed denial of service (DDoS) attacks on hospitals, although these attacks appear to be aimed at causing disruption and are not believed to involve data theft. The group has also called on the wider cybercrime community to support its efforts, which could potentially see even more healthcare providers in the U.S. come under attack.
The post Tallahassee Memorial HealthCare Diverts Ambulances Due to Cyberattack appeared first on HIPAA Journal.