Ransomware, Data Security, Threat Management

Surgeries canceled, care diverted as Memorial Health responds to cyberattack

Medics take a patient in severe respiratory distress to an ambulance from a group home next to Maimonides Medical Center on May 11, 2020, in the Borough Park neighborhood of the Brooklyn borough of New York City. (Photo by Spencer Platt/Getty Images)

Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients, after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result. 

The nonprofit health system is comprised of outpatient service sites, provider clinics, and three hospitals: Marietta Memorial, Selby General, and Sistersville General Hospitals.

All clinicians and workforce members are using paper charts and relying on previously implemented security protocols, while the security team works with third-party partners to restore system operations and access to data.

Due to IT system failures, the health system launched care diversion for its emergency departments at midnight. Marietta Memorial is continuing to accept stroke, trauma, and stemi patients. But the Belpre and Selby locations remain on diversion as radiology systems are unavailable, and “it’s in the best interest of all other patients to be taken to the nearest accepting facility.” 

Patients have been informed that if all area hospitals are on care diversion, they’ll be “transported to the emergency department closest to where the emergency occurred. Officials said care diversion will continue until they’re able to restore all IT systems.

Those with previously scheduled appointments have been notified. All primary care appointments will be held, though patients have been told to bring in any historical medical information.

For now, patients are being told to call ahead if they have an appointment scheduled for Monday. Memorial Health is continuing to work with outside security partners to investigate the scope and cause of the incident, while working to resolve the impact to its systems.

Memorial Health is now the third U.S. health system to be hit with ransomware in the last two weeks alone, which includes Eskenazi Health in Indianapolis and Sanford Health in South Dakota.

A ransomware attack struck Eskenazi Health in the early hours of Aug. 4, which also resulted in care diversion procedures for a number of days following the incident. Despite the swift detection and response to the intrusion, the health system is still facing care delays nearly two weeks after the attack and continuing to restore its network processes. At the time of publication, the Eskenazi Health website remains offline.

Meanwhile, Sanford Health reported it was taking aggressive measures to contain a “cybersecurity incident” that was first detected on Aug. 4. The health system is one of the largest in the South Dakota region, with 46 hospitals and hundreds of clinics, senior living communities, and skilled nursing facilities. It’s unclear what caused the incident and leadership has not provided further updates on the recovery efforts.

Cyberattacks resulting in long periods of downtime and other system disruptions cause serious challenges and staggering impacts to care revenue. During the monthlong network outages at Scripps Health in May, area hospitals struggled to keep pace with the surge in patients. In total, the incident caused $112.7 million in lost revenue and recovery efforts.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.