Tallahassee Memorial HealthCare Diverts Patients in Wake of Cyber Incident

A security issue impacted the hospital's IT systems.

By Mackenna Moralez, Associate Editor


On Feb. 3, Tallahassee Memorial HealthCare (TMH) alerted patients and visitors that it was managing a security issue that had impacted its IT systems.  

The hospital said that it was following existing protocols for system downtime and taking steps to minimize disruption. However, “some” emergency patients have been diverted to facilities outside of the organization’s network, according to CNN. Meanwhile, all elective procedures scheduled for Monday Feb. 6 have been canceled and rescheduled because of the cyber incident.  

TMH did not reveal who was responsible for the security incident and did not specify whether it was deemed as an official ransomware attack. 

We prepare for situations like this and have implemented a series of backup and downtime protocols – including relying on paper documentation – to enable our colleagues to continue to provide safe, high-quality care to patients,” the hospital said in a statement. “Our teams are working around the clock in collaboration with outside consultants to investigate the cause of the event and safely restore all computer systems as quickly as possible. IT security events take time to investigate and resolve. Our investigation is ongoing and, as is typical in such situations, we expect it will take some time to determine exactly what happened.” 

To prevent cybersecurity attacks, the FBI recommends the following steps: 

  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching virtual private network (VPN) servers, remote access software, virtual machine software and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.   
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.   
  • Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks.   
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.   
  • Protect stored data by masking the permanent account number when it is displayed and rendering it unreadable when it is stored through cryptography, for example.   
  • Secure the collection, storage and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system.   
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.   
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI. 

Mackenna Moralez is the associate editor for the facilities market.  

 

 



February 8, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.


Holidays are Prime Times for Healthcare Cyberattacks

A study found that 86 percent of organizations that experienced ransomware attacks were targeted on a holiday or weekend.


Hartford Healthcare Forms Partnership to Open Health Equity Clinic

The new clinic will open in January 2025.


UCHealth Reveals Plans for Memorial Hospital North Expansion

Construction on the patient tower is slated for 2026 with a projected opening to patients in 2029.


What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.