Cyberattack Drives 2 UF Health Hospitals to EHR Downtime

June 07, 2021 - A cyberattack on the University of Florida Health The Villages Regional Hospital and Leesburg Hospital has driven clinicians to EHR downtime procedures as its leadership investigates the ongoing attack, which is suspected to be caused by ransomware, according to local news outlet Villages-News.

The Villages is one of the largest retirement communities in the US, with more than 130,000 residents.

The attack struck early on May 31, after the hospitals’ computer systems began demonstrating unusual activity. The IT staff quickly shut down multiple systems to prevent further impact and protect patient information.

The IT teams at both hospitals are currently investigating the incident, which has confirmed the activity was tied to a security incident.

To protect its systems, access has been suspended to system platforms, including those between all UF Health hospitals and the University of Florida campus. Clinicians are documenting all patient care via pen and paper.

“These types of situations take time to fully resolve,” said Frank Faust, a UF Health spokesman said in a statement. “We are continuing to methodically investigate to delicately and precisely understand what happened and are taking the appropriate actions to resolve any and all issues.”

There have been no updates provided outside of the sparse media reports, and the UF Health website remains online, unaffected by the attack. Officials have repeatedly stressed that patient care has not been disrupted by the outages.

The UF Health attack and network outage is approximately the fourth health system ransomware-related outage and among a host of other attacks against critical infrastructure attacks in the last month.

In healthcare, Ireland’s Health Service Executive (HSE) and New Zealand hospitals are still struggling to recover network access after falling victim to ransomware several weeks ago.

The latest HSE update shows patients are being reminded to expect delays due to the ongoing IT outage. The impacted New Zealand hospitals have brought half of their servers back online, and some radiation therapy patients have resumed their care. The radiology department was the hardest hit by the cyberattack.

Scripps Health, which was the first of the health systems to report ransomware-related outages, brought its systems back online last week. Simultaneously, officials reported the threat actors behind the attack stole a trove of data from more than 150,000 patients. The investigation is ongoing.

Meanwhile, the most recent attacks on JBS Meat, Massachusetts Steamship Authority, and New York Metropolitan Transportation Authority have prompted the Department of Justice and the Biden Administration to ramp up coordination and threat sharing between federal agencies and states.

The repercussions of these attacks have rippled across the country, with the latest reports showing that DOJ is moving to give ransomware attacks the same priority as terrorism. DOJ is also urging all private sector organizations to make ransomware defense an enterprise imperative.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” according to the recent DOJ memo. “But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.”

"We urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” it added.

Healthcare has remained in the crosshairs of ransomware hacking groups for more than a year. In fact, the sector is seeing the largest volumes of ransomware attempts, according to Check Point data. On average, there are about 109 attempts per entity, each week.

In response, it’s important for healthcare entities to review free resources from NIST, Microsoft, and the Office for Civil Rights to ensure they’re employing the best defenses against ransomware and hacking attempts.