Tennessee Medical Clinic Patient Services Hampered by Attack'Sophisticated Criminal Attack' Included Effort to Steal Data, Entity Says
A Tennessee medical clinic and surgery center is struggling to fully recover two weeks after an April 22 cyberattack that included an attempt to steal data forced it to take its IT systems offline and cancel most patient services.
As of Friday, Murfreesboro Medical Clinic & SurgiCenter resumed sick visit services at some of its walk-in clinics but is still canceling most well-care visits, as well as surgeries and laboratory and radiology services.
The Murfreesboro, Tennessee, clinic has 130 healthcare providers, seven locations and 900 employees. It is attempting to triage other more urgent care, such as visits with expectant parents and new babies, a clinic spokeswoman told Information Security Media Group.
The clinic is working with IT security experts and law enforcement in the investigation and recovery process, she said. "We're working around the clock to get all our systems back up." The healthcare provider does not yet know when it can expect to have all its IT systems and patient services restored, she added.
"Preserving sensitive patient and employee information is of the utmost importance to MMC, but like so many other organizations around the country and despite its best efforts, MMC has found itself as the target of criminals attempting to steal personal or company data," clinic CEO Joey Peay said in a Tuesday statement.
The MMC spokeswoman declined to say whether the cyberattack involved ransomware or a ransom demand from attackers.
The clinic said patients and employees should monitor their personal data for any misuse despite no direct evidence that hackers accessed or stole information.
MMC is among a growing group of healthcare sector entities targeted by cyberattacks, especially ransomware.
The top threat that federal authorities are keeping a close eye on in the healthcare sector is ransomware, U.S. Cybersecurity and Infrastructure Security Agency Deputy Director Nitin Natarajan told Information Security Media Group during a recent interview.
"The potential to click on anything and to have that widespread impact across the IT systems in a healthcare facility, potentially resulting in ER diversions and patient safety issues, has us very concerned about stopping ransomware attacks across the healthcare sector."