CHI Memorial Hospital in Tennessee, some St. Luke’s hospitals in Texas, and Virginia Mason Franciscan Health in Seattle have announced they were affected.
One of the largest hospital chains in the U.S. was hit with a suspected ransomware cyberattack this week, leading to delayed surgeries, hold-ups in patient care, and rescheduled doctor appointments across the country.
CommonSpirit Health, ranked as the fourth-largest health system in the country by Becker’s Hospital Review, said Tuesday that it had experienced “an IT security issue” that forced it to take specific strategies offline.
CommonSpirit, which has more than 140 hospitals in the U.S., declined to share information on how many of its facilities were experiencing delays. However, multiple hospitals have announced they were affected, including CHI Memorial Hospital in Tennessee, some St. Luke’s hospitals in Texas, and Virginia Mason Franciscan Health in Seattle.
Many stories like one Texas woman said that she and her husband had arrived at a CommonSpirit-affiliated hospital on Wednesday for long-scheduled major surgery, only for his doctor to recommend delaying it until the hospital’s technical issues were resolved.
The surgeon “told me it could potentially delay post-op care, and he didn’t want to risk it,” she said.
Ransomware attacks on healthcare chains are relatively common and have been a regular part of the U.S. medical system for over two years. Even if an attack doesn’t shut a hospital down, it can knock some or all digital systems offline, cutting doctors’ and nurses’ access to digital information like patient records and recommendations for care.
Brett Callow, an analyst at Emsisoft, a cybersecurity company specializing in ransomware, said he knew at least 15 healthcare companies representing 61 hospitals that have been hit by ransomware attacks so far this year.
Only one documented instance in which an American publicly claimed that ransomware directly led to a patient’s death. An Alabama woman sued her hospital in 2020 after her baby was born with a severe brain injury and died after her hospital was hit by a ransomware attack and allegedly didn’t inform her.
However, a significant report by the federal Cybersecurity and Infrastructure Security Agency and a survey of healthcare information technology professionals found that a ransomware attack on a hospital increases the stress on its capabilities in general and leads to higher mortality rates.