How Ransomware Attackers Shut Down a Hospital in Illinois

Illinois Hospital St. Margaret’s Health Shuts Down Hospitals Due to Ransomware Attack

Healthcare facilities are frequently targeted by cyber attackers, and recently a significant ransomware attack played a role in the shutdown of St. Margaret’s Health in Peru and Spring Valley, Illinois. While other factors, such as the pandemic, rising costs and a staff shortage, have also forced the hospital to shut down, the attack caused serious payment system disruptions ultimately proving too much for the facility to overcome.

The Ransomware Attack

The attack occurred in late February of 2021, shutting down the hospital’s computer network. The impact was wide-scale as the hospital’s entire web-based operations, including its patient portal, were affected, causing the systems to be down for more than three months. Only the Peru branch, which operated on a separate system, was not affected. The hospital stated on social media that the incident hampered its ability to bill patients and receive payment for the services it provided in a timely manner.

The Consequences

The significant financial impact of the ransomware attack, magnified by other compounding circumstances, forced the hospital to suspend several of its services in January of this year. The facilities in both Spring Valley and Peru will shut down on June 16th, forcing clinics in Henry, LaSalle, and Streator to close as well. Additionally, St. Margaret’s Health will sell other assets not included in a transaction with OSF HealthCare, which has agreed to acquire the hospital in Peru. The acquisition will aid in paying off some of the debt accrued by the Spring Valley location.

The Cybersecurity Threat to Healthcare Providers

Healthcare organizations have become a prime target for cyberattacks in recent years. ForgeRock VP Steve Gwizdala affirms that the healthcare industry continues to be an attractive target for attackers, and the number of breaches affecting this industry is only increasing. The healthcare sector is particularly vulnerable, given the sensitive personal information they hold.

Even if a ransomware attack is not the primary contributor to a hospital or healthcare facility being shuttered, it can play a significant role in heightening the overall financial stress experienced by the organization. Unfortunately, healthcare providers are often shut down because they lack the resources and money to pay off the debt amassed as a result of a breach rather than a lack of need for their services in the community. The devastating impact of ransomware attacks on healthcare providers cannot be overstated as the closures of hospitals cause ripple effects in the communities they serve.

Advice for Healthcare Providers

To counter these constantly evolving threats, healthcare providers must be vigilant in their cybersecurity protocols. It’s necessary to perform regular system updates, patch vulnerabilities, develop an incident response plan, carry out regular security training programs for staff, and invest in next-generation firewalls and antivirus software.

Cybersecurity should be a top priority for the healthcare industry, and it’s only through diligent effort and continuous investment that the sector can safeguard the sensitive personal and medical data of their patients. The closure of St. Margaret’s Health in Peru and Spring Valley, Illinois, demonstrates the cost of inaction when it comes to cybersecurity and the catastrophic consequences it can have on the operations of healthcare providers.