Hospitals crippled by ransomware turn away patients

Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and hijacking ambulances following a ransomware attack that blocked staff access to computer systems in virtually all of their operations.

The facilities are owned by Memorial Health System, a nonprofit service network that represents 64 clinics, including Marietta Memorial, Selby, and Sistersville General hospitals in the Marietta-Parkersburg metro area in West Virginia and Ohio. Early Sunday, the channel suffered a ransomware attack that hampered the ability of the three hospitals to operate normally.

As of midnight Sunday, all three hospitals began transferring emergency patients to Camden Clark Medical Center. The property is an hour’s drive from Selby, which has 25 beds. Camden Clark is about a 25-minute drive from the other two Memorial Health System hospitals affected by the breach. Another affected facility providing intensive care includes a stand-alone emergency room at Belpre Medical Campus in Belpre, Ohio.

Most Memorial Health System facilities have also canceled all urgent surgeries and x-ray exams for Monday and are advising patients who have an appointment with a surgeon or specialist on Monday to call ahead.

“We will continue to accept: STEMI, stroke and TRAUMA patients at Marietta Memorial Hospital,” officials said in a statement. “Belpre and Selby are on the move for all patients due to the availability of radiology. It is in the best interests of all other patients to be taken to the nearest receiving facility. While all hospitals in the region are [on] diversion, patients will be transported to the nearest emergency department to where the emergency occurred. This hijacking will continue until the computer systems are restored.

In the crosshairs

Hospitals and clinics are the latest healthcare facilities to be crippled by a ransomware outbreak that has worsened over the past 36 months as it shuts down critical fuel lines, from meat packing plants to the industrial scale and other infrastructure vital for daily life and safety. . Already this year, 38 attacks on healthcare providers or systems disrupted patient care in around 963 sites, compared to 560 sites affected in 80 separate incidents across 2020, according to Brett Callow, threat analyst at the United States. within the security company Emsisoft.

Eskenazi Health, a healthcare provider that operates a 315-bed hospital, inpatient facilities and community health centers in Indianapolis, Indiana, turned down ambulances last week after being hit by an attack of ransomware. Earlier this month, Sioux Falls, SD-based Sanford Health was also the victim of a ransomware attack that resulted in emergency patients being diverted to other hospitals for days while IT people were rushing to restore service.

Some ransomware groups have pledged to spare hospitals, schools and critical infrastructure from attacks, but as the recent round of attacks shows, essential healthcare providers continue to be infected, either through human error, or because ransomware groups still see them as targets.