Two More Hospitals Hit by Cyberattacks
Table of Contents
- By Dawna M. Roberts
- Oct 29, 2021
Data Breach Today reports that two hospitals in Indiana were hit hard by cyberattacks last week as the hospital's administration had to make the decision to divert patients to other unaffected care providers.
What Happened?
The two hospitals, Johnson Memorial Health in Franklin and Schneck Medical Center, located in Seymour, Indiana, were struck by cyberattacks that crippled its IT systems. As a result, hospital administrators postponed elective surgeries and re-routed emergencies to other nearby hospitals.
Rumors abound that the cyberattacks used ransomware to take over systems and encrypt data making it unusable. The attack is close on the heels of another in August when "Indiana-based Eskenazi Health, which operates a public healthcare system, was hit in early August with a ransomware attack that also involved the exfiltration of patient and employee data, some of which was later posted by hackers on the dark web."
Roughly 1,000 patients were affected by that data breach.
The Johnson Memorial Attack
Johnson Memorial was attacked on Saturday and is working closely with the FBI and cybersecurity experts to investigate and mitigate the damage. The facility has 125 patient beds.
Data Breach Today explains,
'As a result of this attack, the computer network at Johnson Memorial has been disabled, the statement says. "We are working as quickly as possible to restore normal computer operations," the hospital says.
"However, these types of attacks take time to fully resolve, and it may be several days before the JMH computer system is fully operational."
Although Johnson Memorial declined to comment, the receptionist at the front desk told reporters that "all" the hospital's networked systems were down. Over the weekend, in a statement to the press, the hospital said, "We ask all patients scheduled to receive services Monday to report to JMH as normal. We do recommend patients arrive a bit earlier than usual, as registration processes may be slower than on a typical day."'
Before this incident, the hospital was inundated with Covid-19 cases and had to divert some patients to other local facilities.
The Schneck Medical Center Attack
Schneck Medical Center is another Indiana facility housing 114 beds. It experienced a cyberattack on September 29. Data Breach Today relayed that,
"Out of an abundance of caution, access to all IT applications within our facilities were suspended," the statement says. "We are in the process of enhancing our IT security protocols. Third-party security partners have also been engaged to restore operations as quickly as possible."
Schneck Medical Center (SMC) posted a public statement that "most services" were unaffected by the attack, raising questions about whether it involved ransomware attack and data encryption or not.
In its statement to the press, SMC said,
"We are working with IT security experts to methodically investigate the situation, are in the process of notifying law enforcement, and are taking appropriate actions to safely and quickly resolve any disruption to our systems."
The hospital also declined to comment when reporters asked for their thoughts on the matter.
Increased Attacks on Healthcare
The increase of attacks on healthcare has the U.S. government worried. What's worse is when two or more facilities in the same area are affected, reducing options for patients to get the care they need.
Data Breach Today comments that,
"A report issued Friday by the Cybersecurity and Infrastructure Security Agency notes that during regional COVID surges, a region's residents could temporarily lack access to medical care if all facilities in an area reach patient capacity."
CISA warns the American public,
"external pressures, such as ransomware or attacks on healthcare delivery supporting infrastructure, can degrade operations in a time of crisis or urgency."