Info expected to emerge slowly in hospital chain cyberattack

Oct 7, 2022, 3:44 PM | Updated: Oct 10, 2022, 7:59 am
The MercyOne Des Moines Medical Center campus is seen, Thursday, Oct. 6, 2022, in Des Moines, Iowa....

The MercyOne Des Moines Medical Center campus is seen, Thursday, Oct. 6, 2022, in Des Moines, Iowa. Diverted ambulances. Cancer treatment delayed. Electronic health records offline. These are just some of ripple effects of an apparent cyberattack on the major nonprofit health system that disrupted operations throughout the U.S. Meanwhile, The Des Moines Register said the incident occurred Monday, Oct. 3, 2022, and forced the diversion of five ambulances from the emergency department of the city's Mercy One Medical Center to other medical facilities. (AP Photo/Charlie Neibergall)

(AP Photo/Charlie Neibergall)

CHICAGO (AP) — Details of an apparent cyberattack on one of the largest health systems in the U.S. were slow to emerge as security experts on Friday warned that it often takes time to assess the full impact on patients and hospitals.

Earlier this week, CommonSpirit Health confirmed it experienced an “IT security issue” but it has yet to answer detailed questions about the incident, including how many of its 1,000 care sites that serve 20 million Americans may have been affected. The health system giant, which is the second largest nonprofit health system in America, has 140 hospitals in 21 states.

“It actually takes a while to fully know the scope because you’re in the middle of trying to restore all your systems,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future. “You’re trying to get patient care up and running. You’re trying to get your nurses and your doctors back to the systems they need.”

Healthcare organizations are an appealing target for cyber attackers — particularly those who use malware to lock up a victim organization’s files and leverage the information for a payment. Ransomware has remained a persistent threat for the industry, which is among the 16 sectors the U.S. government classifies as critical infrastructure.

“Ransomware actors know that’s going to cause a lot of disruption,” Liska said.

Health care systems in 2021 saw an unusually high amount of attacks, with 285 publicly reported worldwide, Liska added. So far, Liska’s firm has tracked 155 this year with an average of 20 attacks happening a month. However, he estimated that only about 10% of ransomware attacks are publicized.

Cybersecurity experts said years of work have built health care leaders’ trust in the FBI and other federal agencies focused on cyber crime.

An FBI spokesperson declined to comment on whether they were investigating the CommonSpirit Health cyberattack.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said he could not discuss CommonSpirit specifically. In general, though, he said it can take days, weeks or more to discover how an attacker gained access, determine what damage has been done and prevent further harm.

Riggi, who spent nearly 30 years with the FBI, called any significant cyber attack on a hospital “a potential risk to patient safety” and said the U.S. government takes that seriously. Their goal, he said, is to identify the attacker and make their identity and methodology public.

“They don’t want to show their hand, what they know about the bad guys,” he said. “You’re really processing a crime scene in real time.”

But there are risks to victims of cyber attacks who fail to communicate their response plan and strategies for recovery, said Mike Hamilton, the chief information security officer with Critical Insights Cybersecurity in Washington state.

The reaction of patients, staff and affiliated health care operations to the chain’s handling of the incident all could affect the company’s future survival, he said.

“Here’s how close we are to resolution, here’s where we’re diverting, here are the other hospitals we’re partnering with,” Hamilton said. “They need to be sure they’re communicating … because so many people are being impacted by this.”

___

Kruesi reported from Nashville, Tenn.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

A migrant from Michoacan, Mexico, uses the CBPOne app Tuesday, Jan. 24, 2023, in Tijuana, Mexico. A...
Associated Press

Online system to seek asylum in US is quickly overwhelmed

TIJUANA, Mexico (AP) — Hours before sunrise, migrants at one of Mexico’s largest shelters wake up and go online, hoping to secure an appointment to try to seek asylum in the U.S. The daily ritual resembles a race for concert tickets when online sales begin for a major act, as about 100 people glide their […]
7 hours ago
Associated Press

Challenge for Tunisian democracy: Getting voters to show up

TUNIS, Tunisia (AP) — Tunisia was once the Arab world’s hope for a new era of democracy. Now it’s in the midst of an election that’s more of an embarrassment than a model. Barely 11% of voters turned out in the first round of parliamentary elections last month, boycotted by opposition Islamists and ignored by […]
7 hours ago
Associated Press

Philippines probes labor abuses in Kuwait after new killing

MANILA, Philippines (AP) — The Philippine government said Saturday it will take steps to assess and prevent abuses including rape and maltreatment of Filipino workers in Kuwait, after a housemaid was killed and dumped in a desert in the oil-rich emirate. The remains of Jullebee Ranara were flown home Friday night from Kuwait, where the […]
7 hours ago
Italian Prime Minister Giorgia Meloni departs Algiers after a two day official visit in Algeria, Mo...
Associated Press

Italy, Libya sign $8B gas deal as PM Meloni visits Tripoli

CAIRO (AP) — Italy’s prime minister held talks in Libya on Saturday with officials from the country’s west-based government focusing on energy and migration, top issues for Italy and the European Union. During the visit, the two countries’ oil companies signed a gas deal worth $8 billion — the largest single investment in Libya’s energy […]
7 hours ago
FILE  - A view of a Flybe flight departing from Manchester Airport, Manchester, England, Jan. 13, 2...
Associated Press

Flights canceled as UK airline Flybe sinks into bankruptcy

LONDON (AP) — Struggling U.K. regional airline Flybe collapsed for the second time in three years Saturday, putting jobs on the line and leaving passengers stranded. The airline initially slumped into bankruptcy in March 2020, shedding 2,400 jobs, as coronavirus restrictions decimated the travel industry. It relaunched in April last year, flying many of the […]
7 hours ago
CORRECTS THE PHOTOGRAPHER'S NAME TO KWIYEON HA - Staff of Kyodo Senpaku Co. holds canned whale meat...
Associated Press

Japan firm opens whale meat vending machines to push sales

YOKOHAMA, Japan (AP) — A Japanese whaling operator, after struggling for years to promote its products amid protests from conservationists, has found a new way to cultivate clientele and bolster sales: whale meat vending machines. The Kujira (Whale) Store, an unmanned outlet that recently opened in the port town of Yokohama near Tokyo, houses three […]
1 day ago

Sponsored Articles

...
Quantum Fiber

How high-speed fiber internet edges out cable for everyday use

In a world where technology drives so much of our daily lives, a lack of high-speed internet can be a major issue.
(Desert Institute for Spine Care photo)...
DESERT INSTITUTE FOR SPINE CARE

Why DISC is world renowned for back and neck pain treatments

Fifty percent of Americans and 90% of people at least 50 years old have some level of degenerative disc disease.
(Photo via MLB's Arizona Fall League / Twitter)...
Arizona Fall League

Top prospects to watch at this year’s Arizona Fall League

One of the most exciting elements of the MLB offseason is the Arizona Fall League, which began its 30th season Monday.
Info expected to emerge slowly in hospital chain cyberattack