Fraud Management & Cybercrime , Healthcare , Industry Specific

Cyberattack Wave on Healthcare Reaches Florida and Maryland

Hospitals Restrict Patient Services In At Least One Ransomware Incident
Cyberattack Wave on Healthcare Reaches Florida and Maryland
Tallahassee Memorial HealthCare says it is diverting emergency patients as it deals with an IT security incident. (Image: TMH)

A wave of cyberattacks against U.S. hospitals shows no signs of abating as a Florida-based multistate healthcare system and a Maryland hospital curtail patient services.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

Tallahassee Memorial HealthCare says it is diverting emergency patients and is only accepting Level 1 trauma cases from its immediate vicinity while it deals with an "IT security incident" that occurred late Thursday night. The hospital did not immediately respond to Information Security Media Group's request for details including whether the incident involved ransomware.

In a Friday statement, the center, which serves North Florida and South Georgia, said it has taken systems offline as "a precautionary measure."

Atlantic General Hospital in Berlin, Maryland, also reportedly has been responding to a ransomware incident this week. Hospital officials confirmed to local media site Ocean City Today that Atlantic General is experiencing a ransomware event.

Although some ransomware-as-a-service criminal groups avowedly tell their affiliates not to attack medical clinics, the healthcare sector has proved too alluring a sector for many criminal extortionists to overlook. Hospitals hold highly sensitive data, and the healthcare sector has a reputation for being more willing to pay off attackers than suffer continued outages (see: How Criminals Extort Healthcare Victims With Ransomware).

American nonprofit health systems have also recently experienced a surge in distributed denial-of-service attacks initiated by the pro-Kremlin hacking group KillNet, which apparently had no qualms about temporarily incapacitating roughly 20 public-facing hospital websites. Unlike the incidents underway in Florida and Maryland, those attacks don't appear to have exacted any material effect on hospital operations.

The incident at Tallahassee Memorial HealthCare has led hospital administrators to oblige some patients to reschedule nonemergency appointments as it responds to the incident. "Patients will be contacted directly by their provider and/or care facility if their appointment is affected," TMH says.

The Florida hospital includes a 772-bed acute care hospital, a surgery and adult ICU center, a psychiatric hospital, multiple specialty care centers, three residency programs and 38 affiliated physician practices.

In Maryland, Atlantic General has closed outpatient imaging services, walk-in lab services and its pharmacy "until further notice," according to a statement on its website.

Not-for-profit Atlantic General Hospital is part of Atlantic General Health System, which also includes 40 family physicians, internists and specialists with offices in 17 locations throughout the Maryland, Virginia and Delaware region.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.