An apparent cyberattack has forced a network of Florida health care organizations to send some emergency patients to other facilities and to cancel some non-emergency surgeries, the health care network said Friday.
Tallahassee Memorial HealthCare, which operates a 772-bed hospital and multiple specialty care centers, said an “IT security issue” late Thursday night forced it to take down its computer system.
“We are also diverting EMS [emergency medical services] patients and will only be accepting Level 1 traumas from our immediate service area,” the hospital system said in a statement. Level 1 trauma refers to the most acute injuries and illnesses.
Tallahassee Memorial HealthCare spokesperson Tori Lynn Schneider told News84Media “some” emergency patients were being diverted to facilities outside of the organization’s network, but declined to say how many patients. All non-emergency and elective procedures scheduled for Monday were canceled because of the hacking incident, Schneider said.
It’s the latest in a series of cyberattacks that have continued to hit resource-strapped US health care providers in the nearly three years of the Covid-19 pandemic. In another case, hackers accessed the personal data of nearly 270,000 patients in an attempted ransomware attack on a Louisiana health care system in October.
The FBI last month shut down the computer infrastructure used by a notorious ransomware gang to attack multiple US hospitals, according to the bureau. But the threat remains as multiple ransomware groups are known to target the health sector.
It’s unclear who was responsible for the apparent hack of Tallahassee Memorial. Tallahassee Memorial did not specify whether it had suffered a ransomware attack, but the organization’s statement described activity, including the need to shut down computer networks, consistent with a ransomware attack.
Staff have been unable to access digital patient records and lab results because of the shutdown, a hospital source told News84Media.
Mark O’Bryant, Tallahassee Memorial’s CEO, notified staff in person Friday morning that the system had suffered a “cyberattack,” according to the source.
“To help us contain the issue, please completely turn off all PCs connected to TMH’s network immediately and leave them off until notified otherwise,” Tallahassee Memorial leadership said in a memo sent to employees Friday morning and obtained by News84Media.
Max Henderson, a Tallahassee native and cybersecurity specialist who focuses on health care, said the effects of a shutting down a hospital’s computer network can last for weeks or months.
“Immediate, unplanned shutdowns can lead to a loss of recently gathered data regarding diagnosis, clinical notes, shift handovers and other various setbacks for the medical staff,” Henderson, who is senior manager for incident response at security firm Pondurance, told News84Media.
“Nearly all hospitals rely on the internet for connectivity with vendors and remote offices for processing information in critical departments such as radiology, pharmacy, medical device maintenance, patient document scanning and payment processing,” Henderson added.