DECATUR — Hospital Sisters Health System continues to recover after a massive operating system outage caused by what its CEO confirmed Friday was a “cybersecurity incident.”
HSHS, which runs St. Mary’s Hospital in Decatur, St. Anthony’s Memorial Hospital in Effingham, Good Shepherd Hospital in Shelbyville and HSHS St. John’s Hospital in Springfield, began to experience the outage early Aug. 27. Most communications systems and hospital and clinic operations were affected, although the health system said its staff efficiently executed the plan for such situations.
It is not clear whether confidential patient information has been compromised. HSHS President and CEO Damond Boatwright said an investigation into the scope and impact of the breach was ongoing.
“I am relieved to report we are making progress,” he said, in a video the health system posted online Friday night. “We are bringing back critical systems and have restored many of our internal communications applications, like email and messaging.”
The hospital system’s information technology staff and “outside experts” were laboring nonstop to restore the remaining services, he said.
Friday’s message also marked the health system’s first indication as to the cause of the outage: “Based on our findings, we can confirm this was the result of a cybersecurity incident,” Boatwright said, adding that more information would be released as it becomes available.
He said the health system was working with law enforcement. An FBI spokeswoman previously said the agency would not confirm or deny whether it was involved in an investigation.
“Your patience and understanding mean the world to us,” Boatwright said. “Please know our top priority is protecting patient safety and supporting our colleagues so they can take care of the patients we serve.”
The health system said further updates would be provided at hshsupdates.org and on Monday at 8 p.m. posted the following:
“As we continue to work diligently to address the recent cybersecurity incident, Hospital Sisters Health System (HSHS) remains focused on providing safe care for our patients. As of September 4, 2023, access to patient services includes the following:
• Hospitals and emergency departments remain open and are receiving and treating patients.
• Patients can schedule elective and non-elective procedures.
• Nearly all our hospital and clinic phone lines are back in service.
• Patient billing services are currently suspended.
The attack comes weeks after one that took hospitals and clinics in several states offline for weeks. The attack on Prospect Medical Holdings, which runs facilities in California, Connecticut, Pennsylvania, Rhode Island and Texas, forced postponement of some elective surgeries, outpatient appointments, blood drives and other services.
Globally, the health care industry was the hardest hit by cyberattacks in the year ending in March, according to IBM’s annual report on data breaches. For the 13th straight year, it reported the most expensive breaches, averaging $11 million each. Next was the financial sector at $5.9 million.
The Associated Press contributed. ©2023 the Herald & Review (Decatur, Ill.) Visit the Herald & Review (Decatur, Ill.) at www.herald-review.com Distributed by Tribune Content Agency, LLC.