Cybersecurity incident hits Missouri hospital

Photo: Joos MInd/Getty Images

A trend from 2023 that appears determined to persist into the new year is cybersecurity risk, as a Missouri hospital's computer systems were disrupted at the end of December, forcing the facility to take its computer systems offline.

Liberty Hospital became aware of the disruption on December 19, at which time it took its entire computer network offline, and the information technology team took immediate steps to begin understanding the event, according to the hospital.

The hospital gave no information as to whether the incident had the potential to compromise the personal information of patients.

Third-party cybersecurity specialists were called in, and the hospital implemented additional safety protocols. In collaboration with numerous EMS teams and hospitals from across the Kansas City area, Liberty Hospital transferred patients who required higher levels of care than systems were equipped to support at that time. Clinical staff moved to downtime processes and workarounds to safely care for the patients who remained, the hospital said.

During the next several days, the hospital's IT team and other specialists worked to methodically revive the affected systems. The hospital continued to perform low-risk procedures in the main operating rooms, outpatient surgery department and Birthing Center, and accepted walk-in patients at the emergency department.

The hospital's emergency department opened to ambulances just in time for the holiday weekend, according to Liberty.

WHAT'S THE IMPACT?

The disruption was determined to be a cybersecurity incident, but the nature and extent of it is still being determined, and the hospital said it's too soon to provide a definitive recovery timeline.

As of December 28, many clinical and surgical services have resumed. The emergency department is caring for an increasing number of patients each day, but due to downtime patient safety procedures, typical ER wait times may be longer than usual. 

At Liberty Hospital Primary Care and Specialty Care clinics, prescription refills for outpatients won't yet occur electronically, the hospital said.

Patients scheduled for elective outpatient imaging – such as routine mammograms – should contact patient scheduling to avoid wait times, according to Liberty. Patients are also encouraged to call with any concerns about billing.

"Investigation into the source and extent of the cybersecurity incident is ongoing," the hospital said on December 29.

THE LARGER TREND

An October survey found patient care is under threat from cyberattacks, particularly supply chain and business email compromise (BEC) attacks, as more and more healthcare organizations are grappling with the cost and headache associated with them.

The report found that 88% of the surveyed organizations experienced an average of 40 attacks in the past 12 months. The average total cost of a cyberattack was $4.99 million, a 13% increase from the previous year.

Among the organizations that suffered the four most common types of attacks – cloud compromise, ransomware, supply chain and BEC – an average of 66% reported disruption to patient care. Specifically, 57% reported poor patient outcomes due to delays in procedures and tests, 50% saw an increase in medical procedure complications and 23% experienced increased patient mortality rates.
 

Twitter: @JELagasse
Email the writer: Jeff.Lagasse@himssmedia.com