A cyberattack on the Southern Ohio Medical Center (SOMC) in Portsmouth, OH, resulter in the healthcare facility diverting ambulances to alternative healthcare centers.
In addition to this the hospital was forced to cancel some medical appointments and services that were to be provided to outpatients.
The cyberattack in question was carried out in the early hours of Thursday November 11 2021 .
On Friday morning the 248-bed not-for-profit healthcare facility came off diversion status but has yet to return to 100% operational capacity. The incident has been made known to the relevant law enforcement agencies and an external firm of cybersecurity specialists has been contracted to review the HIPAA breach and ascertains the true extent of the infiltration.
The focus of the cyberattack was on the databases storing the electronic medical record system and resulted in this being taken offline. This meant that workers had to use old-fashioned means such as pen and paper to capture record patient data. There was disruption to outpatient medical imaging, cardiovascular testing, cancer care services, cardiac catheterization, outpatient surgery, cancer care services and rehab facilities as a result of the cyberattack.
In a public post release via the social media platform Facebook SOMC revealed: “This morning, an unauthorized third-party gained access to SOMC’s computer servers in what appears to be a targeted cyberattack. We are working with federal law enforcement and Internet security firms to investigate this incident. Patient care and safety remain our top priority as we work to resolve this situation as quickly as possible. While this does not impact our ability to provide care to current inpatients, we are presently diverting ambulances to other hospitals.”
It has yet to be confirmed exactly how the cyberattack was permitted to take place and if any ransomware was used to conduct it. In addition to this it has not been revealed if any patient information was infiltrated or removed from the databases that were accessed by the cybercriminals.
Representatives of the hospital group have confirmed that there will be an ongoing review period to gauge the extent of the damage caused and will be providing updates in relation to the same.