University Medical Center (UMC) is still grappling with the aftermath of a ransomware attack that occurred last Thursday. The attack caused a widespread IT outage and forced the diversion of emergency and non-emergency patients to nearby facilities.
While some services have been restored, the full impact of the attack remains uncertain as the hospital works to recover.
The ransomware attack, first detected on 26 September, has left UMC’s systems crippled, impacting critical operations, including the diversion of ambulances away from the hospital’s emergency room, despite the ER remaining open to the public.
“Out of an abundance of caution, we are temporarily diverting a select number of patients until all UMC resources are fully functioning,” the hospital confirmed in a statement on Sunday. This precautionary diversion continues despite some progress over the weekend in restoring services.
UMC, the only Level 1 trauma center in West Texas, is crucial in regional healthcare, particularly in trauma cases where time is of the essence. This diversion has raised concerns about the impact on patient safety.
A Threat to National Security
John Riggi, the American Hospital Association’s National Advisor for Cybersecurity and Risk, stressed the gravity of the situation to KCBD: “When you have the only Level 1 trauma center in the region shut down by foreign bad guys…you are putting people’s lives in jeopardy.”
Riggi believes a ransomware attack on a hospital crosses the line as it’s no longer an economic crime but one that threatens lives and should be aggressively pursued and prosecuted. “I use the term “prosecuted” in all senses of the definition related to the government’s capabilities and authorities, which include and extend beyond the government’s law enforcement authorities found under United States Code (USC) Title 18.”
Ransomware attacks on healthcare institutions have risen in recent years, an alarming trend that threatens patient safety and national security.
Riggi noted that no hospital, no matter how prepared, can fully defend against such sophisticated cyberattacks without external assistance. “We need the federal government to go after these bad guys like we did in counterterrorism,” he said, urging a coordinated national response to what he called a significant national security threat.
Working to Restore Systems
UMC has been working with third-party cybersecurity experts to restore systems and assess the full scope of the attack. In a statement released Sunday, the hospital reassured the community that “progress has been made to restore certain services” and added that “patient care and safety remain our top priorities.”
However, UMC did not provide a timeline for all operations to be fully restored.
Despite the ongoing challenges, UMC says it remains committed to restoring operations as quickly as possible. In its latest statement, the hospital thanked the community for its support and reiterated its focus on patient care and safety: “We are dedicated to continuing to provide the best care that we can to our patients and resume normal operations as quickly and safely as possible.”
For further updates, UMC encourages patients and the community to visit its website, which provides the latest developments on the recovery effort.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.