Mississippi hospital system hit by cyberattack

A Mississippi hospital system is working to restore normal operations and continue caring for patients after a cyberattack.

Singing River Health System, which operates three hospitals on Mississippi’s Gulf Coast, confirmed that it was hit with a cyberattack earlier this week. The organization has taken computer systems offline.

Laurin St. Pe, Singing River’s interim CEO, told WLOX-TV that all of the computers at the system’s hospitals and clinics are offline.

“Literally, we are documenting on paper,” St. Pe told WLOX. “There will be some delay, and ultimately, it will be the physician’s decision if they want to delay if it’s an elective procedure.”

St. Pe said the clinical team and all departments are “pulling together and working as a team to make sure we continue to take care of our patients. That is our number one priority of Singing River.”

The system is continuing to see patients, but said some appointments and procedures could be affected.

“Downtime procedures remain in place as we continue to see patients,” the Singing River system said in a message on its website. “We are working very hard to provide more definitive information regarding what systems will be available and when. Our IT security team is working around the clock, but due to the nature of this matter, this will take some time.”

• Read more: The average cost of a healthcare data breach reaches nearly $11 million

Singing River said that patients could see some delays. The system says radiology exams are being conducted at the hospitals only, and there are some delays in returning results. The system says it’s faxing results to providers as quickly as possible. The health system is also seeing delays in processing laboratory tests.

Due to the disruption, the system’s patient-facing app, MySingingRiver (MyChart), is also offline. The system says it’s working to restore access as quickly as possible.

Singing River said it first detected unusual activity over the weekend.

The Mississippi health system operates Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital, along with primary care clinics and specialty clinics.

The system has grappled with staffing shortages and financial challenges. Earlier this year, the Jackson County Board of Supervisors selected Franciscan Missionaries of Our Lady Health System as the potential buyer of the Singing River Health System. Officials said they hoped to complete the deal this fall.

More hospitals have been suffering cyberattacks and ransomware attacks in recent months. From January through late June, more than 220 cyberattacks have targeted hospitals and health systems, according to John Riggi, national advisor for cybersecurity and risk for the American Hospital Association.

More people are being affected by cyberattacks aimed at health systems and patient records, according to Critical Insight, a cybersecurity firm. In the first half of 2023, 40 million Americans were affected by health data breaches, according to the firm’s analysis of federal data. By comparison, a record 58 million people were impacted by breaches in all of 2021.

• Read more: Here are the 10 biggest data breaches in the first half of 2023

The Joint Commission just released a set of guidelines for hospitals to protect patients during a cyberattack. Hospitals should develop robust response plans to ensure operations can continue even if electronic records and other systems are offline. The commission suggests forming response teams featuring representatives across the hospital.

Health systems should make plans for patient care to continue for lengthy disruptions.

“Organizations should be prepared to have life- and safety-critical technology offline for four weeks or longer,” the commission suggests.

(In this video, John Delano of CHRISTUS Health and Mike Hamilton of Critical Insight discuss cyberattacks in the first half of the year, and how criminal groups are changing tactics.)