A hospital system in Florida is still using pen and paper and turning away ER patients almost five days after it was hit by a cyberattack,
Tallahassee Memorial Hospital, which serves 385,000 patients in 16 counties in North Florida and South Georgia, announced it had been hacked last Thursday.
But by Tuesday, its system remained offline, with medics being told to use paper for prescriptions, appointments and admissions. The use of pen and paper could potentially raise the risk of introducing errors when administering medications, labeling lab samples, and scheduling procedures.
Some ‘limited’ surgeries are now being allowed to go ahead after all non-urgent procedures — such as hip replacements — were canceled from Friday to Monday. The hospital said it was also diverting some EMS patients.
It comes after a Russian cybercriminal group claimed responsibility for bringing down 14 hospitals including Stanford Healthcare in California and Cedars-Sinai in Los Angeles.
Tallahassee Memorial Hospital is still using pen and paper almost five days after the cyberattack took place (shown above)
Shown above are the Florida counties served by Tallahassee (dark blue)
In its last update issued Sunday, the hospital said it was ‘making progress’ in resolving the IT security issues to bring the hospital back online.
Online, its website continues to show a red banner at the top reading: ‘Alert: Tallahassee Memorial is currently managing an IT security issue.’
The FBI has been notified about the cyberattack but is yet to confirm whether it has launched an investigation.
Tallahassee Memorial Hospital is one of the major healthcare systems in northwest Florida.
It provides care for emergency patients, expectant mothers, cancer patients, and those suffering from heart disease among others across its 772 beds.
In 2020, it saw 143,000 emergency care visits, carried out 17,300 surgeries and recorded 3,780 births. It employs 4,500 people.
Cyberattackers use a network of machines — usually infected with malware and being operated remotely — to connect to a website simultaneously.
The hackers can then overwhelm a website’s security servers by connecting thousands of times at once.
As a result, anyone trying to view the website will be caught in a ‘traffic jam’ of users connecting and receiving error messages.
After raising the alarm, the hospital immediately switched to using pen and paper and shelved all non-emergency procedures until Monday.
It also began turning away emergency patients, only admitting the most serious trauma cases from Leon county where it is based and the immediate surrounding area.
In the latest update on Sunday, the hospital said: ‘Our teams responded quickly by initiating our incident response protocols, which included taking our systems offline as a proactive security measure and reporting the event to law enforcement.’
They added: ‘Our teams are working around the clock in collaboration with outside consultants to investigate the cause of the event and safely restore all computer systems as quickly as possible.
‘IT security events take time to investigate and resolve. Our investigation is ongoing and, as is typical in such situations, we expect it will take some time to determine exactly what happened.’
No information has been given as to who may be behind the attack.
Last month Russian cybercriminal group Killnet claimed that it had taken down the websites of 14 US hospitals across the country.
Attacks on US healthcare systems and other groups have ramped up following Russia’s invasion of Ukraine.
Other targets have included US banking giant JPMorgan Chase, which was hit in October.