Cyberattack Forces Memorial Health System to Divert Patients to Alternate Hospitals

Marietta, OH-based Memorial Health System has been forced to divert emergency care patients due to a suspected ransomware attack.

The cyberattack was detected on August 14, 2021, and forced the health system to shut down IT systems to contain the attack. Emergency protocols were implemented due to the lack of access to essential IT systems, and the staff has been working with paper charts.

Memorial Health System operates three hospitals in Ohio and West Virginia, all of which have been affected by the attack. Since electronic health records were not accessible, patient safety was potentially put at risk, so the decision was taken to divert emergency patents.

“We will continue to accept: STEMI, STROKE and TRAUMA patients at Marietta Memorial Hospital. Belpre and Selby are on diversion for all patients due to radiology availability. It is in the best interest of all other patients to be taken to the nearest accepting facility,” according to an August 15 press release. “If all area hospitals on are diversion, patients will be transported to the emergency department closest to where the emergency occurred. This diversion will be ongoing until IT systems are restored.”

All urgent surgical appointments and radiology examinations on Monday were cancelled; however, all primary care appointments are going ahead as scheduled, although patients with appointments have been advised to call in advance to confirm.

“Maintaining the safety and security of our patients and their care is our top priority and we are doing everything possible to minimize disruption,” said Memorial Health System President and CEO Scott Cantley. “Staff at our hospitals – Marietta Memorial, Selby, and Sistersville General Hospital—are working with paper charts while systems are restored, and data recovered.”

An investigation into the breach has been launched, but it is too early to tell how much data, if any, have been compromised in the attack. Memorial Health System officials said they have not yet found evidence indicating the attackers obtained employee or patient data. IT experts are currently methodically investigating the breach to understand precisely how hackers gained access to its systems, the actions they took once access was gained, and which systems and files they viewed or downloaded.

The cyberattack has been reported to the FBI and the Department of Homeland Security, and the health system is working closely with its information technology partners to restore its systems and data as quickly as possible.

Bleeping Computer has reportedly seen evidence suggesting the Hive ransomware threat group was responsible for the attack. Like many other ransomware operations, the Hive ransomware gang is known for stealing data prior to using ransomware and has a leak site which is used to pressure victims into paying the ransom.

Bleeping Computer says evidence has been obtained suggesting databases containing the protected health information of around 200,000 patients were stolen in the attack, with the databases including names, dates of birth, and Social Security numbers.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.