Florida hospital system delays surgeries, diverts patients after apparent cyberattack

A Florida hospital has had to postpone procedures, divert some patients, and shift to paper documentation after an apparent cyberattack.

Tallahassee Memorial Healthcare said it continues to deal with what it describes as an “IT security event,” which occurred on Feb. 2.

The health system said it had canceled or postponed non-emergency surgical and outpatient procedures through Monday. On Monday, the system said in an update it is “performing limited surgeries and procedures,” and patients will be notified if their procedure will go on as scheduled or will need to be postponed.

Tallahassee Memorial said Monday that the system continues to divert some ambulance and EMS patients.

The system’s physician practices remain operational and will see patients, but patients with questions are encouraged to contact their provider’s office.

Tallahassee Memorial said all of its systems were taken offline when the incident occurred and law enforcement was notified. The hospital and physician practices have switched to paper documentation, so providers are prescription pads and handwritten notes rather than electronic health records.

“Our teams are working around the clock in collaboration with outside consultants to investigate the cause of the event and safely restore all computer systems as quickly as possible,” the systems said Sunday. “IT security events take time to investigate and resolve. Our investigation is ongoing and, as is typical in such situations, we expect it will take some time to determine exactly what happened.”

The system said it was continuing to care for expecting mothers in its Alexander D. Brickler, MD Women’s Pavilion. IT teams have been working around the clock to minimize the impact, the system said.

Tallahassee Memorial operates a 772-bed acute care hospital, more than 30 physician practices and other sites of care in a 21-county region in northern Florida and southern Georgia.

Hospitals have been dealing with a growing number of cybersecurity attacks and breaches in the last few years. Federal officials reported hundreds of breaches of health data in 2022, affecting millions of Americans.

• Read more: The 11 biggest health data breaches in 2022

Last week, hospitals in several states saw their public websites go down temporarily, with a Russian “hacktivist” group claiming credit. The health systems were typically able to restore the sites within a matter of hours and they said patient care wasn’t affected.

Federal authorities have disrupted a ransomware group targeting hospitals. The U.S. Justice Department recently announced that the FBI managed to break into the networks of Hive, a ransomware group that has threatened health systems and financial companies. Authorities managed to prevent victims from having to pay $130 million in ransom demands, the justice department said.

Hospitals remain tempting targets due to the valuable health information they possess, and ransomware groups are devising more sophisticated attacks, experts say. Attackers are also increasingly targeting the many vendors health systems deal with on a day-to-day basis.

Read more on cybersecurity from Chief Healthcare Executive

Cybersecurity in healthcare: Even with progress, many vulnerabilities remain

Ransomware attacks continue to rise, and they’re hurting patients: Survey