Multiple hospitals and clinics have been impacted this week by a ransomware attack against Memorial Health System. The healthcare facilities in Ohio and West Virginia canceled non-urgent surgeries scheduled for Monday, and the three impacted hospitals diverted emergency patients to Camden Clark Medical Center in Parkersburg, WV starting Sunday morning. The attack appears to be the work of the Hive ransomware gang.
The organization noted experiencing “an information technology security incident” early Sunday and suspended user access to IT systems used by most of their operations. Scheduled primary care appointments were held Monday, but the health system advised patients to call ahead regarding appointments with surgeons or specialists. For efficiency and treatment reasons, the staff want to ensure they have patients’ historical information for such visits, and that may not be possible temporarily because of the ransomware attack. Staff have been forced to use paper charts where available.
Memorial Health System President and CEO Scott Cantley indicated Sunday that “At this time no known patient or employee personal or financial information has been compromised. We are continuing to work with IT security experts to… precisely understand what happened and are taking the appropriate actions to resolve any and all issues.” He explained that encrypted files had accessed the system’s database. When it was realized that data was unavailable, the decision was made to shut down access, and federal law enforcement was notified once it was determined that there had been a cyberattack.
Ransomware Attacks: The New Normal?
There have already been almost 40 ransomware attacks against U.S. healthcare targets in 2021, and this is the third healthcare system that needed to divert ambulances this month after attacks. While some cybercriminal groups have announced that they will not deliberately attack critical infrastructure including hospitals, it is clear that these organizations remain at risk. A focus on cybersecurity is ever more indispensable, as these kinds of attacks are only increasing in frequency. To best care for its patients and safeguard its bottom line and reputation, every healthcare practice and facility must have systems in place to back up data securely and keep bad actors out. For better or worse, this seems to be the new normal.