Indianapolis-based Eskenazi Hospital has been diverting ambulance traffic and has shut down all access to their medical records and staff email for over a week.
Eric Graves with CBS 4 reported on August 5:
Eskenazi Spokesperson Tom Surber said they decided to shut down their network after detecting an attempted ransomware attack Wednesday morning.
Since then, any ambulances that would have headed toward the Eskenazi emergency room are now being diverted to other hospitals.
Patients with regularly scheduled appointments have not been affected. But the key takeaway here is this is an attempted ransomware attack. Eskenazi says their internal monitoring systems triggered as intended and they’ve shut down their internal network as a precautionary measure.
Hospitals across Indiana and the US have seen an uptick in cyberattacks since the start of the pandemic. Cyber attacks were already on the rise, so it’s not clear if the pandemic is fueling an increase in attacks. But the pandemic has put more pressure on hospitals and healthcare facilities. A cyberattack of any kind now is happening at arguably the least opportune time in a generation.
The ripple effects of cybersecurity show how healthcare providers need to consider resilience in their networks. A hospital that suffers an attempted attack diverts ambulance traffic to other nearby hospitals, increasing their patient load. In rural communities, there may be no nearby alternative unlike in Indianapolis, which has other emergency rooms a few blocks away.
Healthcare providers who look up information about patients online—everything from medical records to disease research to names of next of kin through Facebook—may not recognize how reliant they are on the web until it’s too late.
Around the same time as Eskenazi’s attempted ransomware attack, Sanford Health in Sioux Falls, South Dakota said it was hit by an attack. Their system includes 46 hospitals in 26 states and 10 countries. In a statement, they said they too were hit by an “attempted attack” and are “taking aggressive measures to contain the impact”.
As part of regular emergency preparedness drills, VPC has helped healthcare providers navigate what to do in event of a physical emergency like a flood or power failure. Cybersecurity training is a new and necessary element in the list of things hospitals need to be prepared for. Healthcare providers interested in discussing training options can get started by contacting VPC.