Ransomware, Incident Response

Cyberattack drives Johnson Memorial into EHR downtime procedures

Corridor of an empty modern Japanese hospital with Japanese and English signages.

Johnson Memorial Health is currently operating under electronic health record downtime procedures, after a cyberattack struck its computer network on Oct. 2. The health system operates a number of primary care sites, specialist offices, and other facilities across three Indiana counties.

Upon discovering the system intrusion, Johnson Memorial disabled its computer network. A website posting on the health system’s website shows the response team is working with its outside cybersecurity partners and the FBI to investigate the attack.

The team is working to restore normal computer operations as quickly as possible, but officials explained it could be several days before the system is completely operational given the complexity of the attack.

No appointments or surgeries have been canceled, according to officials. Patients were encouraged to arrive earlier than usual to scheduled appointments, as registration processes have been impacted by the incident. Officials told local news outlets that previously established recovery processes have allowed most services to continue without interruption.

“The threat of cyberattack is a nationwide problem that, unfortunately, has affected other hospitals here in Indiana and across the country,” officials said in a statement. “JMH invested heavily in cybersecurity, and we continue to be vigilant. We remain committed to continuing to provide exceptional care to our communities and will provide additional updates as appropriate.”

It’s the second cyberattack against an Indiana health care provider in the last week: Schneck Medical Center is also in EHR downtime as it recovers from a Sept. 29 cyberattack. The attack struck amid a COVID-19 surge in the area, which prompted officials to temporarily suspend some inpatient non-emergent surgeries that were deemed safe to postpone.

The hospital is working with a third-party security firm to restore operations and enhance its IT protocols. Much like the Johnson Memorial attack, the cyberattack has not affected most patient services and clinicians are leveraging pen and paper processes to maintain previously scheduled appointments.

Officials have not provided an update from its initial response, but a social media posting over the weekend shows the provider is still experiencing intermittent issues with its phone systems.

Another Indiana provider, Eskenazi Health, faced a similar incident in August that led to the theft of patient and employee data. In total, more than a dozen providers have faced network outages or data leaks in the last month, many of which are nonprofit providers, or those in rural areas. As previously reported, ransomware and attacks that spur network outages pose a serious risk to patient safety.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.