Incident Response, Ransomware

Tallahassee Memorial Health diverting patients over security issue, downtime

SAN DIEGO (Aug. 26, 2013) Hospitalman Julio Gonzalez, assigned to Naval Medical Center San Diego (NMCSD), takes a blood donor’s blood pressure during the “Blood Drive…And a Movie” event at the Naval Base San Diego base theater. NMCSD works in association with the Armed Services Blood Program to replenish stocks ...

All emergency medical services are being diverted from Tallahassee Memorial Healthcare (TMH) due to an “IT security issue” that prompted the health system to bring its systems offline.

A notice posted to its social media channels shows the incident began in the late evening Thursday, Feb. 2. While the “IT department quickly detected the issue, the systems were taken offline as a precautionary measure." TMH is “proactively working to solve” the incident.

TMH is currently following its previously prepared electronic health record downtime procedures to minimize the disruptions. However, patient care is certainly being delayed. Its notice shows all non-emergency patient appointments have been rescheduled.

Further, “all non-emergency surgical and outpatient procedures have been canceled and rescheduled.” TMH is only accepting “Level 1” traumas in its immediate service area.

It appears there are several other hospitals nearby that could take any incoming patients, including HCA Florida Capital Hospital. However, there are at least three hospital care sites within that region that appear to be impacted by the incident.

What’s more, area hospitals taking on the overflow of diverted patients may experience care delays brought on by unexpected patient volumes, as seen with the massive cyberattack against Scripps Health in San Diego in May 2021.

TMH officials say they’ll provide an update as more information becomes available. 

“Patient safety remains our No. 1 priority,” TMH officials said in a statement. “We apologize for any convenience or delays.”

This is the second health system driven to downtime procedures by a cyber event in the last week. Atlantic General Hospital in Berlin, Maryland, is currently facing network outages after a “significant” ransomware attack struck last weekend.

The emergency room remains open and all outpatient services are in operation. No elective surgeries have been canceled, and its behavioral health, pulmonary function center, and wound and endoscopy centers remain open for acute care patients, as well.

The hospital has not provided further details, but officials have asserted that there’s been minimal disruption to patient care. Its website still shows that its outpatient imaging services, walk-in lab services, and AGHRx RediScripts services remain down.

The Department of Health and Human Services Cybersecurity Coordination Center has issued multiple alerts on the ongoing ransomware threats facing the health sector over the last month, including ongoing Black Cat, Royal, and LockBit campaigns.

But this is the first time in over a year that multiple U.S. hospitals have been forced into downtime due to cyber incidents within the same timeframe.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.