In what seems to be the first announcement of its kind, two rural healthcare facilities closed last week citing a ransomware attack as part of the reasons why.
According to reports, St. Margaret's Health in Peru and Spring Valley Illinois, closed all operations as of June 16. In May, Chair of the hospital’s parent company SMP Health, Suzanna Stahl, announced the hospital would close sometime this year in a Facebook video.
“Due to a number of factors, such as the Covid-19 pandemic, the cyberattack on the computer system of St. Margaret’s Health, and a shortage of staff, it has become impossible to sustain our ministry. This saddens us greatly,” said Stahl.
According to news reports, SMP Health was struck with a ransomware attack in 2021 which stopped the hospital from being able to submit claims to insurers, Medicare or Medicaid, for months.
“This is a stark reminder of the worst-case scenario for a small healthcare organization,” said Amit Patel, SVP at Cyware. “Without enough resources to invest in robust security, updated systems and having a clear recovery plan, these important local healthcare resources can easily be put out of business, directly impacting their patients. This is an industry-wide problem, yet we keep expecting our weakest links to defend themselves. We have to invest in systems to share intelligence, security best practices and critical alerts across the industry quickly, reliably and automatically.”
SMP Health isn’t the only healthcare facility to fall victim to cyberattacks. A recent survey showed that more than one in three healthcare organizations around the world reported ransomware attacks in 2020.
In March, U.S. senators heard warnings from healthcare industry experts on the importance of cybersecurity in the healthcare industry. Witnesses testified in front of the Senate Homeland Security and Governmental Affairs Committee highlighting the severity of cyberattacks on healthcare systems and how they can affect patient care as well as compromise sensitive medical information, and they are a threat that seems to be growing.
The March hearing also highlighted why rural healthcare providers are especially vulnerable to attacks. In her testimony, Kate Pierce of Fortified Health Security, mentioned budget constraints and lack of cybersecurity staffing as some challenges.
“Smaller facilities, from my experiences, most of them have no staff that are directly assigned to cyber or they have very limited staff in that area,” Pierce said.