Ohio Hospital Faces Sixth Day of EHR Downtime After Cyberattack

November 17, 2021 - Healthcare cyberattacks continue to overwhelm the sector as the end of the year approaches. At the time of publication, one Ohio hospital is facing ongoing EHR downtime and appointment cancelations as a result of a November 11 attack on its network.

Additionally, the Office for Civil Rights (OCR) data breach portal provided new insight into healthcare cyberattacks that occurred earlier in the year.

Sea Mar Community Health Centers announced in late October that it had suffered a cyberattack between December 2020 and March 2021 that went undetected until June 24, 2021. OCR’s portal now indicates that the breach impacted 688,000 individuals, making it one of the largest data breaches of the year.

In addition, OCR’s portal showed that 583,643 individuals were impacted by a breach at Utah Imaging Associates. Utah Imaging Associates has not yet made any public announcements about the incident.

Here are some other recent healthcare data breaches impacting patient data and healthcare operations.

Ohio Medical Center Remains in EHR Downtime

Southern Ohio Medical Center (SOMC) posted on Facebook on November 11 announcing that it fell victim to a cyberattack when an unauthorized third-party gained access to its computer servers.

The attack initially caused ambulance diversions and appointment cancelations. While ambulances are no longer being diverted, the medical center remains in EHR downtime as of November 17.

In addition, Outpatient Medical Imaging, Outpatient Cardiac Testing, Sleep Lab, Outpatient Rehab, and Pulmonary Function Tests, and Antiarrhythmia Clinic services were canceled on November 17.

“We ask that our patients and community please remain patient as we work to remedy this situation,” SOMC said in its Facebook post.

Johnson Memorial Health Begins Ransomware Recovery Process

Indiana-based Johnson Memorial Health told Daily Journal that its operations are almost back to normal five weeks after a cyberattack that took down its computer network.

Bad actors accessed the hospital’s network in early October and deployed ransomware three minutes after gaining access. The hospital was forced to revert back to paper medical records and the billing department was unable to submit bills electronically. As a result, the hospital calculated payroll manually.

Phones are once again operational, but David Dunkle, president and CEO of Johnson Memorial Health, told Daily Journal that the hospital’s email system is not yet back to normal. Employees are using backup email accounts instead, and some aspects of the hospital’s network are still slower than usual.

“The darkest days are behind us, but there is a lot of work left to do,” Dunkle said.

The Urology Center of Colorado Data Breach Impacts 137K

The Urology Center of Colorado (TUCC) announced a data security incident that occurred on September 7 and may have exposed protected health information (PHI). According to OCR’s data breach portal, the incident impacted 137,820 individuals.

Social Security numbers, addresses, phone numbers, medical record numbers, diagnoses, physician information, treatment cost, and birth dates may have been exposed during the incident in which an unauthorized actor gained access to the center’s network.

TUCC has since changed account passwords and said it plans to implement additional security measures. The center will also offer impacted individuals credit monitoring and identity protection services.

“We sincerely regret any concern this incident may cause you,” a letter sent to impacted patients on November 10 explained. “The privacy and security of information is important to us, and we will continue to take steps to protect information in our care.”