Ohio health system forced to cancel appointments following 'targeted cyber attack'

The Southern Ohio Medical Center, located in Portsmouth, Ohio, was continuing to cancel appointments nearly a week after a targeted attack on its servers.

The incident, which occurred on November 11, led to clinical system downtime.   

As of Wednesday, appointments at multiple clinics were still being cancelled.   “We request your patience as we continue to work around the clock to return to normal operations,” said the organization in a post on Facebook on Monday.  

Attempts to reach SOMC for comment were unsuccessful.  

WHY IT MATTERS

The health system comprises a 248-bed hospital and several affiliated facilities around the Portsmouth area, located 100 miles southeast of Cincinnati.   

According to a post on the organization’s Facebook, on November 11, an unauthorized third party gained access to SOMC’s servers “in what appears to be a targeted cyber attack.”  

SOMC says it is working with federal law enforcement and security firms. It also told local outlets that inpatient care was not affected.  

Still, the incident led to clinical system downtime, which appears to be ongoing.  

Although the organization announced on November 12 that it was no longer diverting patients away from its emergency department, appointments for several locations were cancelled on Wednesday:  

  • Outpatient medical imaging
  • Outpatient cardiac testing
  • Sleep lab
  • Outpatient rehab in four locations
  • Pulmonary function tests
  • Anti-arrhythmia clinic  

They noted that affected appointments will be rescheduled as soon as possible.  

THE LARGER TREND

SOMC has the dubious honor of joining the dozens of hospitals and health organizations hit with cyber attacks and data breaches during the COVID-19 era.

Some have faced disruptions to service that have stretched on for days – and even weeks.

And cyber experts say the danger likely isn’t going anywhere.  

“Ransomware is a continual evolving risk, and while attacks by organizations like REvil may get more attention than others, they all present an existential risk to the delivery of care,” said Aimee Cardwell, chief information security officer for the UnitedHealth Group at Optum Technology, in a recent interview with Healthcare IT News.  

ON THE RECORD  

“We will continue to assess the situation and provide updates as they become available,” said SOMC officials in a statement posted November 11. “We appreciate your patience and support.”

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article