Hospital chain attack part of ongoing cybersecurity concerns

Oct 6, 2022, 1:32 AM | Updated: 4:13 pm
The MercyOne Des Moines Medical Center campus is seen, Thursday, Oct. 6, 2022, in Des Moines, Iowa....

The MercyOne Des Moines Medical Center campus is seen, Thursday, Oct. 6, 2022, in Des Moines, Iowa. Diverted ambulances. Cancer treatment delayed. Electronic health records offline. These are just some of ripple effects of an apparent cyberattack on the major nonprofit health system that disrupted operations throughout the U.S. Meanwhile, The Des Moines Register said the incident occurred Monday, Oct. 3, 2022, and forced the diversion of five ambulances from the emergency department of the city's Mercy One Medical Center to other medical facilities. (AP Photo/Charlie Neibergall)

(AP Photo/Charlie Neibergall)

CHICAGO (AP) — Diverted ambulances. Cancer treatment delayed. Electronic health records offline. These are just some of ripple effects of an apparent cyberattack on a major nonprofit health system that disrupted operations throughout the U.S.

While CommonSpirit Health confirmed it experienced an “IT security issue” earlier this week, the company has remained mum when pressed for more details about the scope of the attack. The health system giant has 140 hospitals in 21 states. As of Thursday, it’s still unknown how many of its 1,000 care sites that serve 20 million Americans were affected.

Despite the lingering questions, the incident underscores the growing concerns surrounding ransomware attacks on health care systems with patient care at stake.

In Tacoma, Washington, Mark Kellogg told KING-TV that his wife, Kathy, had been scheduled to get a cancerous tumor on her tongue removed on Monday, but the procedure was put off several days because of the cyberattack. Virginia Mason Franciscan Health’s parent company is CommonSpirit Health.

“Everything we do today is all on a computer, and without it you’re back to the stone age writing on a tablet,” Kellogg said.

In Iowa, the Des Moines Register reported that the incident forced the diversion of five ambulances from the emergency department of the city’s MercyOne Medical Center to other medical facilities.

The incident forced both MercyOne and VMFH to take certain IT systems offline — including patients’ electronic health records — as a precaution.

Brett Callow, a threat analyst with cybersecurity provider Emsisoft, said the incident could be “the most significant attack on the health care sector to date” if all CommonSpirit hospitals and other facilities were affected.

Emsisoft has tracked at least 15 health care systems in the U.S. affected by ransomware this year, which manage more than 60 hospitals. Callow said data was stolen in 12 of the 15 instances, adding that those are almost surely undercounts as some ransomware attacks aren’t widely reported.

Callow said one of the largest known attacks within health care came in September 2020 when a ransomware attack struck all 250 health care facilities owned by Universal Health Services.

CommonSpirit’s incident could exceed that, depending on how many of its facilities were hit. That could mean the company faces large financial costs to get through the incident and recover.

Callow cited the loss of more than $100 million reported by Scripps Health tied to a 2021 ransomware attack that affected its five hospitals in California as an example.

Asked for more information on the incident and its effects on Thursday, a spokesperson for CommonSpirit said the health system could not provide more details.

The most worrying effect of any substantial attack on healthcare is on patients, Callow said.

“I’ve seen reports that at least one of the impacted hospitals had to divert ambulances to other facilities and that delay in getting people the care they need could obviously represent a risk to the lives of patients,” he said. “Beyond that, these incidents can have a long-term impact on patient outcomes — delaying treatments, for example.”

In 2020, the FBI and other federal agencies warned that they had credible information that cybercriminals could unleash a wave of data-scrambling extortion attempts against U.S. hospitals and health care providers.

That’s because ransomware criminals are increasingly stealing data from their targets before encrypting networks, using it for extortion. They often sow the malware weeks before activating it, waiting for moments when they believe they can extract the highest payments.

Health care is classified by the U.S. government as one of 16 critical infrastructure sectors Health care providers are seen as ripe targets for hackers.

If patient data is accessed, health care providers are required by law to notify the Department of Health and Human Services.

___

Kruesi reported from Nashville, Tennessee.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

murders...
Associated Press

Renton man gets 10 years in prison in drug trafficking case

A federal judge has sentenced a Renton, Washington man to 10 years in prison for his role in a violent drug distribution ring, according to the U.S. Attorney’s Office in Seattle.
19 hours ago
Associated Press

Saturday’s Scores

PREP FOOTBALL= WIAA Playoff= Class 4A= Semifinal= Kennedy 42, Emerald Ridge 28 Class 3A= Semifinal= Yelm 28, Bellevue 27 Class 2B= Semifinal= Napavine 49, Jenkins Jr/Sr High (Chewelah) 6 Okanogan 42, Pe Ell/Willapa Valley 14 Class 1A= Semifinal= Mount Baker 14, Nooksack Valley 13 Class 1B= Semifinal= Liberty Bell 70, Odessa 24 Neah Bay 82, […]
19 hours ago
Associated Press

Police: 1 killed, 3 shot breaking into Georgia home

DEKALB COUNTY, Ga. (AP) — An 18-year-old was killed and three others were injured Friday in a shooting after they attempted to break into a DeKalb County home, police said. Officers arrived around 5 p.m. and found three people — a 23-year-old, 18-year-old and 15-year-old — who had been shot, The Atlanta Journal-Constitution reports. All […]
19 hours ago
A crime scene is taped off at New Season Church in Nashville, Tenn., on Saturday, Nov. 26, 2022. Me...
Associated Press

Drive-by shooting injures 2 at funeral at Nashville church

NASHVILLE, Tenn. (AP) — A drive-by shooting in Nashville on Saturday injured two people as they and others were walking out of church from the funeral of a woman who was fatally shot earlier this month, according to police. Metro Nashville Police Department spokesperson Don Aaron said the afternoon shooting occurred outside New Season Church, […]
19 hours ago
FILE - Nick Fuentes, far-right activist, holds a rally at the Lansing Capitol, in Lansing, Mich., N...
Associated Press

Trump faulted for dinner with white nationalist, rapper Ye

NEW YORK (AP) — Former President Donald Trump is renewing attention to his long history of turning a blind eye to bigotry after dining with a Holocaust-denying white nationalist and the rapper formerly known as Kanye West just days into his third campaign for the White House. Trump had dinner Tuesday at his Mar-a-Lago club […]
19 hours ago
Associated Press

12-year-old dies in Russian Roulette; murder charges brought

A 12-year-old boy is dead after playing Russian Roulette with peers in Jackson, Mississippi, police say. Jackson’s Deputy Police Chief Deric Hearn identified the boy as Markell Noah, according to reports by Mississippi-based WLBT-TV. Following the death officers arrested two juveniles and one adult Friday. Police say the two juveniles are being charged with murder […]
2 days ago

Sponsored Articles

SHIBA WA...

Medicare open enrollment is here and SHIBA can help!

The SHIBA program – part of the Office of the Insurance Commissioner – is ready to help with your Medicare open enrollment decisions.
Lake Washington Windows...

Choosing Best Windows for Your Home

Lake Washington Windows and Doors is a local window dealer offering the exclusive Leak Armor installation.
Anacortes Christmas Tree...

Come one, come all! Food, Drink, and Coastal Christmas – Anacortes has it all!

Come celebrate Anacortes’ 11th annual Bier on the Pier! Bier on the Pier takes place on October 7th and 8th and features local ciders, food trucks and live music - not to mention the beautiful views of the Guemes Channel and backdrop of downtown Anacortes.
Swedish Cyberknife Treatment...

The revolutionary treatment of Swedish CyberKnife provides better quality of life for majority of patients

There are a wide variety of treatments options available for men with prostate cancer. One of the most technologically advanced treatment options in the Pacific Northwest is Stereotactic Body Radiation Therapy using the CyberKnife platform at Swedish Medical Center.
Work at Zum Services...

Seattle Public Schools announces three-year contract with Zum

Seattle Public Schools just announced a three-year contract with a brand-new company to the Pacific Northwest to assist with their student transportation: Zum.
Swedish Cyberknife 900x506...

June is Men’s Health Month: Here’s Why It’s Important To Speak About Your Health

According to the Centers for Disease Control and Prevention, men in the United States, on average, die five years earlier than women.
Hospital chain attack part of ongoing cybersecurity concerns