After cyberattack and other financial woes, an Illinois hospital closes its doors

After 120 years of serving the rural community of Spring Valley, Illinois, St. Margaret’s Health shut its doors for good Friday night.

SMP Health, which operated the hospital, said in May that the hospital would be closing due to a host of problems, including the lasting damage of a cyberattack in 2021. The closure affects all clinics and sites of care.

Melanie Malooley-Thompson, Spring Valley’s mayor, said that the closure of the hospital is a blow to the small city in northern Illinois.

“The hospital closure will have a profound impact on the well-being of our community. This will be a challenging transition for many residents who rely on our hospital for quality healthcare,” she said in a Facebook post.

Suzanne Stahl, the chair of SMP Health, cited several reasons in the decision to close the hospital.

“Rural hospitals are struggling throughout the nation, and many have already closed,” Stahl said in a video message on Facebook. “Due to a number of factors, such as the COVID-19 pandemic, the cyberattack on the computer system of St. Margaret’s Health, and a shortage of staff, it has become impossible to sustain our ministry. This saddens us greatly.”

The role of the cyberattack in the closure of the hospital gained wide attention. Linda Burt, a vice president with St. Margaret’s, told CNN last week that the attack hampered operations for months, including billing and insurance claims. “It took months after we went back online to catch up with billing,” Burt told CNN.

SMP closed another nearby hospital, St. Margaret’s Health in Peru, in January. OSF Healthcare has entered an agreement to buy the hospital in Peru, Northern Public Radio has reported. However, OSF does not intend to acquire the hospital in Spring Valley.

Malooley-Thompson, the Spring Valley mayor, said last week that the hospital’s owners didn’t give advance warning of the medical center’s imminent closure. Local officials are looking to find ways to address the community’s healthcare needs, she said.

Rural hospitals were struggling before the emergence of the COVID-19 pandemic, but their problems have only grown in the past few years.

Since 2010, more than 130 rural hospitals have closed nationwide, according to a report from the American Hospital Association. More than 600 rural hospitals are at risk of closing in the near future, according to the Center for Healthcare Quality & Payment Reform. Many hospitals continue to face difficult headwinds as expenses outpace revenues, due to higher costs and labor shortages.

Cyberattacks have hit hospitals of all sizes, but analysts say some ransomware groups have focused on smaller hospitals and systems that have less formidable defenses. Health systems are also struggling to find enough skilled cybersecurity professionals to boost their defenses, according to a recent HIMSS survey.

Cybersecurity experts have said they have seen a dip in ransomware attacks at hospitals in recent months, perhaps due to improved defenses, but they caution that attackers are constantly changing tactics and approaches to infiltrate systems. Some also expect criminal groups will utilize AI-powered cyberattacks to get into hospitals’ systems.

Linda Stevenson, chief information officer at Fisher-Titus Health in Ohio, spoke with Chief Healthcare Executive® about what smaller hospitals can do to improve their defenses. Check out excerpts in the video below.