Cyberattack Forces Memorial Health System to Transfer Patients to Other Hospitals

Memorial Health System based in Marietta, OH was compelled to reroute emergency care because of a supposed ransomware attack.

When the cyberattack happened, the health system was forced to power down IT systems to control the attack. Emergency procedures were enforced as a result of the inability to access vital IT systems, and the employees are using paper charts.

Memorial Health System runs three hospitals in Ohio and West Virginia, all were affected by the attack. Because electronic health records were not accessible, patient safety was possibly put in danger, therefore the decision was taken to move emergency patents.

Memorial Health System will still admit: patients with STROKE, STEMI, and TRAUMA at Marietta Memorial Hospital. Belpre and Selby are on diversion for all patients as a result of the availability of radiology. It is best for all other hospital patients to be taken to the closest accepting facility. If all area hospitals are on diversion, patients will be moved to the emergency section close to where the emergency took place. This diversion will be ongoing until IT systems are re-established.

All urgent surgical sessions and radiology exams the following day were delayed; nevertheless, all primary care consultations are proceeding as planned, though patients with bookings were advised to give a call ahead of time to confirm.

Memorial Health System President and CEO Scott Cantley stated that preserving the safety and security of patients and their proper care is the company’s top priority and they are doing everything they can to limit disruption. Staff at the Selby, Marietta Memorial, and Sistersville General Hospital are utilizing paper and pen while systems are being fixed, and data retrieved.

The hospital system launched an investigation into the breach, however, it is too soon to know how much data, if any, were exposed in the attack. Memorial Health System officials stated they were no evidence found yet that indicates the attackers got employees or patient information. IT experts are presently systematically investigating the breach to find out exactly how hackers acquired access to its systems, the actions they took as soon as access was obtained, and which systems and files they viewed or obtained.

The cyberattack report was submitted to the FBI and the Department of Homeland Security, and the health system is working closely with its information technology partners to reestablish its systems and data as soon as possible.

Bleeping Computer has apparently seen proof showing the Hive ransomware threat group was accountable for the attack. Like a lot of other ransomware operations, the Hive ransomware gang is recognized for stealing information prior to utilizing ransomware and has a leak web page that is used to compel victims into paying the ransom demand.

Bleeping Computer says proof was acquired suggesting databases that contain the protected health information (PHI) of about 200,000 patients were stolen in the attack, with the databases included names, Social Security numbers, and dates of birth.