AP

Info expected to emerge slowly in hospital chain cyberattack

Oct 7, 2022, 3:44 AM | Updated: Oct 9, 2022, 10:24 am

The MercyOne Des Moines Medical Center campus is seen, Thursday, Oct. 6, 2022, in Des Moines, Iowa. Diverted ambulances. Cancer treatment delayed. Electronic health records offline. These are just some of the ripple effects of an apparent cyberattack on the major nonprofit health system that disrupted operations throughout the U.S. Meanwhile, The Des Moines Register said the incident occurred Monday, Oct. 3, 2022, and forced the diversion of five ambulances from the emergency department of the city's Mercy One Medical Center to other medical facilities. (AP Photo/Charlie Neibergall)

CHICAGO (AP) — Details of an apparent cyberattack on one of the largest health systems in the U.S. were slow to emerge as security experts on Friday warned that it often takes time to assess the full impact on patients and hospitals.

Earlier this week, CommonSpirit Health confirmed it experienced an “IT security issue” but it has yet to answer detailed questions about the incident, including how many of its 1,000 care sites that serve 20 million Americans may have been affected. The health system giant, which is the second largest nonprofit health system in America, has 140 hospitals in 21 states.

“It actually takes a while to fully know the scope because you’re in the middle of trying to restore all your systems,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future. “You’re trying to get patient care up and running. You’re trying to get your nurses and your doctors back to the systems they need.”

Healthcare organizations are an appealing target for cyber attackers — particularly those who use malware to lock up a victim organization’s files and leverage the information for a payment. Ransomware has remained a persistent threat for the industry, which is among the 16 sectors the U.S. government classifies as critical infrastructure.

“Ransomware actors know that’s going to cause a lot of disruption,” Liska said.

Health care systems in 2021 saw an unusually high number of attacks, with 285 publicly reported worldwide, Liska added. So far, Liska’s firm has tracked 155 this year with an average of 20 attacks happening a month. However, he estimated that only about 10% of ransomware attacks are publicized.

Cybersecurity experts said years of work have built health care leaders’ trust in the FBI and other federal agencies focused on cyber crime.

An FBI spokesperson declined to comment on whether they were investigating the CommonSpirit Health cyberattack.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said he could not discuss CommonSpirit specifically. In general, though, he said it can take days, weeks or more to discover how an attacker gained access, determine what damage has been done and prevent further harm.

Riggi, who spent nearly 30 years with the FBI, called any significant cyber attack on a hospital “a potential risk to patient safety” and said the U.S. government takes that seriously. Their goal, he said, is to identify the attacker and make their identity and methodology public.

“They don’t want to show their hand, what they know about the bad guys,” he said. “You’re really processing a crime scene in real time.”

But there are risks to victims of cyber attacks who fail to communicate their response plan and strategies for recovery, said Mike Hamilton, the chief information security officer with Critical Insights Cybersecurity in Washington state.

The reaction of patients, staff and affiliated health care operations to the chain’s handling of the incident all could affect the company’s future survival, he said.

“Here’s how close we are to resolution, here’s where we’re diverting, here are the other hospitals we’re partnering with,” Hamilton said. “They need to be sure they’re communicating … because so many people are being impacted by this.”

___

Kruesi reported from Nashville, Tenn.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
