A cyberattack has knocked offline operations at a major Florida hospital and some of its specialty clinics. Last week, Tallahassee Memorial HealthCare suffered what is suspected to be a ransomware attack which impacted some of its IT systems.
As a precautionary measure, Tallahassee Memorial HealthCare (TMH) took all of its systems offline, canceled, and rescheduled all non-emergency/elective procedures initially scheduled for Monday, Feb. 6.
Due to the “IT security event†that occurred late last Thursday, TMH also diverted EMS patients, announced it would only accept Level 1 traumas from the healthcare facility’s immediate service area, and canceled and rescheduled all outpatient procedures. Hospital staff has been unable to access patients’ digital records and lab results.
The healthcare facilities’ TMH Physician Partners practices, labor & delivery services are operational. MH has also activated backup and downtime protocols, including paper documentation. It is unclear exactly how many emergency patients have been diverted to facilities outside TMH’s network.
Dror Liwer, the co-founder of Israeli cybersecurity company Coro, told Spiceworks, “Hospitals are a prime target for attackers because the stakes are so high, and like many other organizations, cybersecurity is underfunded, and staff is not adequately prepared and trained.â€
See More: Intel and Check Point Extend Collaboration for Ransomware Defense
“The disruption to patient care, and in some hospital attacks, diversion of ambulances to other hospitals could have life-threatening results, leading attackers to believe their ransom will be paid quickly,†Liwer continued.
The not-for-profit healthcare organization, which also operates a 772-bed acute care hospital, surgery and adult ICU center, psychiatric hospital, multiple specialty care centers, and three physician residency programs and has 38 affiliated physician practices, hasn’t disclosed who was behind the cyberattack and is working with law enforcement.
Ransomware attacks against healthcare organizations are increasing in frequency and sophistication. According to Trends in Ransomware Attacks on U.S. Hospitals, Clinics and Other Health Care Delivery Organizations reportOpens a new window by American Medical Association’s JAMA Network, the annual number of ransomware attacks more than doubled from 43 to 91 between 2016 to 2021.
During the same period, the U.S. healthcare delivery organizations suffered 374 ransomware attacks that exposed 42 million Protected Health Information (PHI) records.
Healthcare organizations are favorites of some ransomware gangs, such as the now disrupted Hive, which by March 2022 had targeted 125 healthcare organizations, including Partnership HealthPlan and Memorial Healthcare System.
Others, such as LockBit, have gone so far as to release a free decryptor after an affiliate of theirs victimized the Toronto-based healthcare facility SickKids.
In any case, Liwer told Spiceworks that healthcare organizations ought to train all staff with cyber malice identification, besides appropriate ransomware defense software. He said, “Beyond ensuring anti ransomware software runs on every endpoint, in cloud apps and in email platforms, training anyone with access to the hospitals systems in identifying malicious emails and running simulations is key to minimizing the likelihood of a successful attack.â€
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
Image source: Shutterstock