When the pandemic hit, some cybercriminal vowed to avoid hitting hospitals. Others may be targeting hospitals because of their vulnerabilities during the pandemic.
Several attacks on healthcare organizations in recent months have brought computer systems down and disrupted service. Below are eight hospitals and health systems that have reported IT downtime due to cybersecurity incidents since July.
July 25: Watertown, N.Y.-based Samaritan Medical Center took its computer system offline after identifying a malware attack. The hospital was able to restore its main system Aug. 19 and continued to restore the computer systems and applications through Oct. 6. During the downtime, the hospital reverted to paper records and postponed some services. The hospital's payroll and accounting functions were also offline.
Sept. 20: Nebraska Medicine reported a security incident that affected some of its IT systems. The health system had a network outage and reverted to paper records. It was able to resume elective procedures and regular appointments Sept. 30.
Sept. 22: Regional West Medical Center in Scottsbluff, Neb., reported a computer network interruption. The 188-bed hospital and its 28 physician clinics remained operational during the outage and continued to accept emergency patients.
Sept. 24: Ashtabula (Ohio) County Medical Center reported a computer outage due to a technical disruption. The hospital implemented downtime procedures and postponed some appointments and elective procedures. Clinicians lost computer access and were unable to see lab results, prescriptions or health histories during the incident. The medical center continues to work on fully restoring its systems.
Sept. 27: King of Prussia, Pa.-based Universal Health Services reported a malware incident and shut down its IT system.The 26-hospital health system was able to fully restore its IT network Oct. 5. During the downtime, the health system used paper records.
Oct. 11: Sonoma (Calif.) Valley Hospital reported a "security incident" and took its computer system offline. The hospital is still investigating the incident and working to bring systems back online. Sonoma Valley did not halt elective or necessary surgeries during the downtime and its emergency services remained open.
Oct. 14: Cape Girardeau, Mo.-based SoutheastHEALTH's IT team noticed an unusual amount of external internet traffic and shut down its computer network to avoid an attempted network breach. The hospital was fully back online Oct. 17. During the downtime, SoutheastHEALTH providers reverted to paper records and diverted ambulances from the emergency department, although it still accepted walk-in ED patients.
Oct. 17: Iron Mountain, Mich.-based Dickinson County Health System discovered a malware attack on Oct. 17 and shut down its IT system to isolate the threat. The health system used paper records during the downtime and kept its emergency department and almost all patient services operational.