An Illinois hospital links closure to ransomware attack | #ransomware | #cybercrime

An Illinois hospital will shutter its doors this week in part because of a devastating cyberattack, which experts say makes it the first hospital to publicly link criminal hackers to its closure.

St. Margaret’s Health in Spring Valley will close Friday, said Linda Burt, the hospital’s vice president of quality and community services.

Suzanne Stahl, the chair of SMP Health, the hospital’s parent organization, said last month that the hospital was planning to close this year. “Due to a number of factors, such as the Covid-19 pandemic, the cyberattack on the computer system of St. Margaret’s Health, and a shortage of staff, it has become impossible to sustain our ministry,” she said in a Facebook video.

Ransomware attacks — in which criminal hackers remotely cripple an organization’s computers and demand an extortion payment — have plagued U.S. health care since 2016, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future. Data collected by Liska and his team showed at least 300 documented attacks a year on American health care facilities since 2020. This year is on pace to match that.

Spring Valley’s mayor, Melanie Malooley-Thompson, said the hospital’s closing means some residents will have to travel around half an hour for emergency room services and obstetrics services.

“The hospital closure will have a profound impact on the well-being of our community. This will be a challenging transition for many residents who rely on our hospital for quality healthcare,” Malooley-Thompson said Saturday on Facebook.

Kelly Klotz, 52, a Spring Valley resident with multiple medical issues, said she was concerned the drive could lead to medical complications for her and her parents.

“I need access to good medical care at any given time,” she said. “It’s not like I can say I’ll schedule my stroke six months from now. It’s devastating to this area.”

“If you’re having a heart attack or a stroke, may the odds ever be in your favor, because you’re not going to make it there in time,” Klotz said.

Hospitals that fall victim to ransomware attacks often have to scramble to find ways to suddenly work without the computers that have become integral to modern health care. Health care workers can be forced to revert to pen and paper for patient charts and prescriptions, which has led to patients’ receiving incorrect medicine dosages and delayed operations. An attack can force ambulances to reroute to other hospitals.

Multiple studies have shown a correlation between hospital downtime because of ransomware attacks and increased mortality rates.

A ransomware attack hit SMP Health in 2021. The attack halted the hospital’s ability to submit claims to insurers, Medicare or Medicaid for months, sending it into a financial spiral, Burt said.

“It is devastating,” Burt said of the attack.

“You’re dead in the water,” she said. “We were down a minimum of 14 weeks. And then you’re trying to recover. Nothing went out. No claims. Nothing got entered. So it took months and months and months.” 

Since 2005, 99 rural hospitals have closed permanently in the U.S., according to a University of North Carolina project. Brock Slabach, a spokesperson for the National Rural Health Association, a nonprofit industry group, said rural hospitals that close tend to be in areas that are poorer and have higher unemployment.

Experts who track cyberattacks on health care said they believed Spring Valley is the first hospital to cite a cyberattack as a reason it closed.

“There are countless examples of small businesses that have gone bankrupt following ransomware attacks as they were unable to restore their systems or afford to pay to get back up and running,” Errol Weiss, the chief security officer for Health-ISAC, a nonprofit group that shares cyberthreat information with hospitals, said in an email. “It’s tragic that we can now count a hospital in this statistic.”

SMP owns one other hospital in the nearby town of Peru. It suspended operations in January.

Another Midwestern Catholic health care organization, OSF, has entered into an agreement to buy and restart service at the Peru hospital, though that won’t take effect for the foreseeable future.

“OSF is working to accomplish this as quickly as possible, because we know what access to good health care means to the Peru community and surrounding area,” OSF media relations coordinator Shelli Dankoff said in an email. However, there is “no specific time table” for when care will resume, she said. 

In the meantime, residents will have to deal with much longer commutes for emergency room and obstetrics services.

Source link

National Cyber Security