A cyberattack has disrupted operations at Tri-City Medical Center, a public hospital in San Diego, prompting the facility to redirect ambulances and patients to alternative healthcare providers. The incident, detected early Thursday, has placed the medical center in the midst of a cybersecurity crisis, forcing it to implement Internal Disaster Diversion procedures in collaboration with San Diego County’s Office of Emergency Services.
Tri-City Medical Center, an acute care hospital with 144 beds catering to the communities of Carlsbad, Oceanside, and Vista in San Diego County, is the latest addition to a growing list of regional healthcare providers grappling with the repercussions of cyberattacks.
As reported by local media on Thursday, the hospital has been contending with the cyberattack since the early morning hours. Aaron Byzak, Chief Strategy Officer and spokesperson for Tri-City, acknowledged the ongoing situation, stating, “We’re in the midst of a forensic analysis, and as soon as we have more information, we’ll share,” in a statement provided to NBC San Diego.
Requests for additional details and comments from Tri-City Medical Center regarding the incident went unanswered by the time of this report.
A worker in the hospital’s emergency room on Friday revealed that IT systems were down, and patients not arriving by ambulance were being admitted to the emergency room on a case-by-case basis.
This cybersecurity incident at Tri-City Medical Center is part of a troubling trend of ransomware attacks and other cyber incidents affecting healthcare entities, including regional hospitals. Similar disruptions have been witnessed globally, such as the October ransomware attack on five hospitals in Ontario, Canada, and their shared IT services provider. Recovery efforts for that incident are anticipated to extend into mid-December, causing significant disruptions to patient care.
In a study released in January by the Ponemon Institute, which surveyed 579 healthcare technology and security leaders, findings indicated an increasing trend in patient care diversions due to ransomware attacks. Of the respondents who reported experiencing a ransomware attack in the past year, 70% stated that their organizations had to transfer or divert patients to other facilities, reflecting a rise from 65% in the previous year. This highlights the growing challenges faced by healthcare institutions in safeguarding their systems and maintaining uninterrupted patient care in the face of escalating cyber threats.
The Ripple Effect of Hospital Cyberattacks
Joshua Corman, the founder of security and safety advocacy group I Am the Cavalry, highlighted the broader consequences of hospital cyberattacks, emphasizing that the fallout extends beyond the directly affected institution.
Corman stressed the spillover effect, explaining that when a hospital faces a cyberattack, patients often overflow into other hospitals in the region, leading to increased wait times and admission rates. This, he argued, can have serious implications for patient safety, particularly for individuals with time-sensitive conditions like strokes.
Furthermore, the aftermath can have lasting consequences for financially strained hospitals, especially if the attack results in prolonged outages and disruptions. Corman pointed out that some smaller hospitals have permanently closed due to the financial devastation caused by cyberattacks, putting additional strain on the remaining healthcare providers.
The financial impact on hospitals can be severe, with closures creating uncertainties about the affected entities’ post-incident future. Corman highlighted a case in June where a rural Illinois medical system, St. Margaret’s Health, permanently shut down due in part to fallout from a 2021 ransomware incident.
The burden on other hospitals is exacerbated, and communities, especially in rural areas, may find themselves without nearby medical facilities. Corman emphasized that the financial strain can jeopardize planned sales or partnerships, citing the example of Prospect Medical, a national hospital chain facing financial challenges at its Connecticut hospitals after an August cyberattack.
In California, the recent cyberattack on Tri-City Medical Center occurred just two weeks after announcing a partnership with UC San Diego Health. The attack could potentially impact the planned collaboration, which aimed to enhance clinical quality, patient experience, and cybersecurity infrastructure.
Corman cautioned that persistent cyberattacks on healthcare entities make any organization a potential target. Reflecting on past incidents, he emphasized the need for a proactive approach to security, rather than reacting to previous attacks, to effectively protect against evolving threats.
Read the full article
0 Comments