North Florida’s Tallahassee Memorial HealthCare was recently forced to shut down its dedicated IT systems and to pause all non-emergency procedures after it was hit by a targeted cyberattack. Although all the healthcare provider’s systems were down, the hospital stated that the malicious incident only impeded a portion of them.

All patients who required emergency services were directed to other facilities, with the Florida hospital only accepting the most serious traumas occurring within the immediate area it services.

Reporting a healthcare cyberattack

A recent statement from the US hospital confirmed the event and its actions. It stated that its dedicated IT Department had detected the security incident early and moved proactively to shut down all the hospital’s IT systems with the aim of limiting the impact.

The statement continued:

“We are reviewing each of our IT systems now, prioritising them and bringing them back online one-by-one. We do not currently have a timeline for how long this will take as this is an emerging situation, but we will continue to provide updates.”

They commented further that any patients whose medical appointments were impacted because of the security incident would summarily be alerted by their care facilities or providers. The hospital statement read:

“Patient safety remains our number-one priority. We apologise for any inconvenience or delays. We will provide additional updates as they become available. Our organisation is following existing protocols for system downtime and taking steps to minimize the disruption.”

The healthcare provider immediately reported the cyberattack as soon as it detected the breach, engaging law enforcement agencies. It is now cooperating alongside them in what is sure to be an ongoing in-depth investigation.

It is a non-profit private healthcare system that currently serves a region that includes 21 counties across South Georgia and North Florida. Its extensive network includes psychiatric and acute care hospitals, 38 physicians’ practices and multiple specialist care centres.

Ransomware suggested to be behind the attack

The recent incident at Tallahassee Memorial HealthCare could potentially be the work of ransomware operators, according to reports from local media.

Last year in 2022 the US federal government departments warned the sector of ransomware operations that were known for singling out hospitals, clinics and other healthcare institutions and organisations across the country as potential victims.

For example, the US Department of Health and Human Services warned that Royal, Maui, Venus, and Zeppelin ransomware operations were actively targeting Healthcare and Public Health (HPH) organisations. Additionally, in October 2022, the Federal Bureau of Investigation Cybersecurity and Infrastructure Security Agency warned that the cybercriminal group known as Daixin Team were also attacking HPH sector operations in an ongoing stream of ransomware attacks.

Threat analyst for Emsisoft, Brett Callow commented on the recent cyberattack at the hospital, stating:

“This is the second suspected ransomware incident involving US hospitals in 2023. Last year, there were 25 attacks against health systems operating 290 hospitals.”

Ransomware is when threat operators break into an organisation and gain access to their data. From there, they can take the data for themselves, and sometimes even encrypt it so that the organisation cannot access it. From here, the threat operators usually demand a ransom in exchange for giving back the data or not leaking it online, however this is never guaranteed to happen if the ransom is paid. This disrupts organisations greatly, as they usually end up not being able to access critical data, all while having to deal with the legal consequences of suffering a data breach.

Healthcare providers make ideal targets for ransomware gangs who often pick targets that provide critical services so that there will be equally serious consequences when they are impacted by an attack. The best practice that hospitals can maintain is to encrypt their data which ensures that only those authorised can view and use it, preventing large breaches involving patient and staff data.

Threat operators are constantly looking for targets with the intent of causing harm and/or extorting money, and it isn’t just the healthcare industry that is threatened – more and more public sector industries, such as education, are being faced with these challenges. Employing encryption, tough email security protocols and overall rules that employees must follow which drastically improve the security of any organisation.

Taking necessary measures

Galaxkey have developed a state-of-the-art platform that allows you to encrypt your organisation’s data, which means that even if threat operators managed to break into your network, all they will find is deciphered and unintelligible data – feathers in a safe. Additionally, Galaxkey offers features such as data loss prevention and digital rights management, which help prevent unauthorized access to sensitive data and ensure that only authorized users have access to it. You can get in contact with the Galaxkey team to get a free demonstration and see just how easy it is to protect your data.