The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Southern Ohio Medical Center Diverts Ambulances Due to Cyberattack

Posted By on Nov 15, 2021

Southern Ohio Medical Center (SOMC) in Portsmouth, OH, is recovering from a cyberattack that occurred on the morning of Thursday, November 11, 2021. The attack forced the hospital to go on diversion and direct ambulances to other healthcare facilities. The hospital also had to cancel some appointments and outpatient services.

“This morning, an unauthorized third-party gained access to SOMC’s computer servers in what appears to be a targeted cyberattack. We are working with federal law enforcement and Internet security firms to investigate this incident” explained SOMC in a Facebook post on Thursday. “Patient care and safety remain our top priority as we work to resolve this situation as quickly as possible. While this does not impact our ability to provide care to current inpatients, we are presently diverting ambulances to other hospitals.”

The 248-bed not-for-profit hospital came off diversion on Friday morning, although it has not yet been able to return to full operations. Law enforcement has been informed and a third-party cybersecurity company has been engaged to investigate the breach and determine the nature and scope of the attack.

The attack took its electronic medical record system offline, with staff forced to revert to pen and paper to record patient information. Outpatient medical imaging, cancer care services, cardiovascular testing, cardiac catheterization, sleep lab, and outpatient surgery and rehab have all experienced disruption due to the lack of access to computer systems and data.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Update:

SOMC explained in its breach notification letters to patients that the forensic investigation determined that certain systems were accessed by unauthorized individuals between November 10 and November 11, 2022. A review of the files on the network was completed on March 4, 2022, which confirmed the following types of protected health information had potentially been compromised: names, Social Security numbers, treatment or diagnosis information, health insurance information, birth dates, passport numbers, U.S. Alien registration numbers, and employer ID numbers. Contact information then had to be verified for the affected individuals and that process was completed on March 21, 2022.

SOMC said it has reviewed its existing systems and policies and has implemented additional safeguards to further secure patient information. Notification letters have been sent to affected individuals, who have been offered 24 months of complimentary identity monitoring services.

The breach was reported to the HHS’ Office for Civil Rights as affecting 15,136 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist