St. Margaret's Hospital Closure Showcases Ransomware's Existential Threat

[upnorth]

Content source

https://www.darkreading.com/attacks-breaches/illinois-hospital-closure-ransomware-existential-threat

An Illinois hospital's decision to cease operations later this week at least partly because of a 2021 ransomware attack that crippled operations for months is a stark reminder of the sometimes-existential threat that online extortion campaigns can pose. That's especially true for resource-strapped small and rural hospitals.

St. Margaret's Health (SMH) will permanently close its hospitals, clinics, and other facilities at Spring Valley and Peru, Ill. this Friday, June 16, after serving the community for 120 years. Multiple factors led to the decision, including unprecedented expenses tied to the COVID-19 pandemic, low patient volumes tied to social-distancing mandates, and staff shortages that forced the health system to have to rely on temporary staffing agencies. But the February 2021 ransomware attack on its systems at Spring Valley had a big part to play; they catastrophically impacted the hospital's ability to collect payments from insurers for services rendered, and the attack forced a shutdown of the hospital's IT network, email systems, its electronic medical records (EMR) portal, and other Web operations.

SMH vice president of quality and community services Linda Burt says the attack lasted four months, during which employees had no access to the IT system, including email and the EMR system. "We had to resort to paper for medical records. It took many months, and in some service lines, almost a year to get back online and able to enter any charges or send out claims," Burt says. "Many of the insurance plans have timely filing clauses which, if not done, they will not pay. So, no claims were being sent out and no payment was coming in."

Joshua Corman, former CISA chief strategist and current vice president of cyber safety strategy at Claroty, expects what happened at SMH will happen to other hospitals, especially smaller ones and those located in rural areas. Corman, who was part of a CISA COVID-19 task force that looked into the potential correlation between excess hospital deaths and ransomware, says the hospitals most expected to close are those that are situated the farthest away from other hospitals and alternative care options. "Small and rural hospitals already face significant financial strains from the last few years of [the] pandemic and very few have much cash-on-hand reserves for unplanned disruptions," Corman says. "Ransomware attacks can disrupt operations for weeks and months and can, therefore, represent the straw that breaks the camel's back."

A couple of factors might be exacerbating the situation. Often many small, midsized, and rural hospitals lack a full-time security staff. They also have a harder time getting cyber insurance, and when they do, it can cost more for less coverage.

Illinois Hospital Closure Showcases Ransomware's Existential Threat

St. Margaret's Health is shutting down due to a 2021 ransomware attack and other factors. It's an object lesson for how small and rural healthcare facilities face grave cyber-risk when extortionists come calling.

www.darkreading.com