A ransomware attack on Frederick Health Hospital led to the shutdown of critical systems, diversion of ambulances, and significant disruption in emergency care.
What happened
Frederick Health Hospital’s systems were taken offline Monday following a ransomware attack, leading to disruptions in patient care. The hospital proactively shut down its systems to contain the event, diverting ambulances to other regional emergency departments.
Despite the cyberattack, Frederick Health’s facilities remained open, providing care to patients with some delays, according to a statement from hospital spokesperson Josh Faust.
See also: HIPAA Compliant Email: The Definitive Guide
What was said
Faust confirmed that the organization identified a ransomware event and took its systems offline. “We are working closely with our third-party cybersecurity experts to bring our systems back online as quickly and safely as possible,” he said.
Frederick County spokesperson Vivian Laxton also noted that the county was alerted to interference with Frederick Health’s communications systems. The incident was declared a “mini disaster” by Maryland state.
In the know
A "mini disaster" can be declared for various critical incidents, including:
- Gas leaks that could pose a health hazard or require evacuations.
- Fires that threaten patient and staff safety.
- Power outages that compromise medical equipment and electronic health records.
- Bomb threats or other security risks that require an immediate response.
While Maryland did not specify the exact reason for Frederick Health’s designation, the ransomware attack likely triggered it due to its disruption of hospital communications, emergency operations, and patient intake capabilities.
The hospital remained on both red and yellow alert as of Monday night, meaning no adult critical care beds were available, and the emergency department requested not to receive new patients needing urgent medical attention. This indicates that the cyberattack severely affected the hospital’s capacity to provide care, leading to the diversion of ambulances to other facilities.
Why it matters
Ransomware attacks on healthcare systems are increasingly common, posing serious risks to patient care and data security. The incident raises concerns about the ability of healthcare facilities to protect patient information from unauthorized access or breaches. The breach also indicates the need for robust cybersecurity measures in healthcare to protect both patient safety and privacy.
Read also: The cascading consequences of ransomware attacks on healthcare systems
FAQs
What is ransomware, and how does it affect hospitals?
Ransomware is malicious software that encrypts a hospital’s computer systems, making them inaccessible until a ransom is paid. It disrupts daily operations, impairs communication, and can delay critical medical care, potentially putting patients at risk.
How does ransomware affect HIPAA compliance?
Ransomware attacks can result in unauthorized access or exposure of patient data, potentially violating HIPAA regulations. This can lead to significant legal and financial consequences, as healthcare organizations are required to protect patient privacy and ensure data integrity.
What should organizations do to protect against ransomware?
Organizations can protect against ransomware by regularly backing up data, training employees on phishing prevention, implementing strong cybersecurity protocols, using advanced threat detection tools, and having a clear incident response plan in place.
Go deeper: Preventing cyberattacks in your organization
Tshedimoso Makhene : Oct 23, 2025 3:20:36 AM
