Large Hospital System Goes Offline after Cyber Attack

Description

Mississippi’s Singing River Health System, one of the state’s largest hospital networks, temporarily shut down its internal services due to a cyberattack that took place in the third week of August 2023. Spanning three hospitals and numerous clinics, the health system serves approximately 100,000 patients annually. On August 21, a public notice was posted on the company’s website, stating that downtime procedures were in effect, affecting services such as the patient portal for appointment and chart information. Lab results were manually generated, and specific tests, like radiology exams, were limited to certain locations. The organization has not disclosed the nature of the cyberattack or commented on potential ransom payments.

Identity Indicators of Compromise

There have been few details released about the attack other than the fact that the internal IT department identified suspicious behavior on August 20 which led to the confirmation of the attack.

Containment (If IOCs are identified)

The company’s internal IT department has been working around the clock to bring services back online. The department is also working with a third-party cybersecurity company to assist them, and the Singing River is working with local, state, and federal law enforcement as well. As part of a continued effort to keep patients informed, a FAQ page was added to the organization’s website.

Prevention

As cyberattacks have surged in recent years, it’s becoming evident that every organization is at risk and should prioritize resilience alongside prevention. Hospitals and clinics must establish and regularly update contingency plans for downtimes. These plans should specify when to initiate downtimes, temporarily disable electronic systems, and curtail elective services. The procedures should also outline how to transition to paper-based systems and ensure pharmacies are equipped with sufficient fax capabilities. A thorough plan will cover all operational areas, including admissions, discharges, billing, and even food services. Training should educate managers and staff on the kinds of incidents that could lead to system downtimes. This training should also feature simulations and exercises to familiarize personnel with utilizing offline resources effectively.

These precautionary steps aren’t exclusive to healthcare organizations. Every company should have a comprehensive incident response plan (IRP) that details a coordinated approach to cyberattacks. A designated leadership response team should be identified, with clear roles and responsibilities for each member. This plan should undergo an annual review and update. It is often advisable for organizations to work with outside specialists like HALOCK Security Labs, who have dedicated teams with vast experience in crafting incident response plans across various sectors.