A ransomware attack on Frederick Health Hospital led to the shutdown of critical systems, diversion of ambulances, and significant disruption in emergency care.
Frederick Health Hospital’s systems were taken offline Monday following a ransomware attack, leading to disruptions in patient care. The hospital proactively shut down its systems to contain the event, diverting ambulances to other regional emergency departments.
Despite the cyberattack, Frederick Health’s facilities remained open, providing care to patients with some delays, according to a statement from hospital spokesperson Josh Faust.
See also: HIPAA Compliant Email: The Definitive Guide
Faust confirmed that the organization identified a ransomware event and took its systems offline. “We are working closely with our third-party cybersecurity experts to bring our systems back online as quickly and safely as possible,” he said.
Frederick County spokesperson Vivian Laxton also noted that the county was alerted to interference with Frederick Health’s communications systems. The incident was declared a “mini disaster” by Maryland state.
A "mini disaster" can be declared for various critical incidents, including:
While Maryland did not specify the exact reason for Frederick Health’s designation, the ransomware attack likely triggered it due to its disruption of hospital communications, emergency operations, and patient intake capabilities.
The hospital remained on both red and yellow alert as of Monday night, meaning no adult critical care beds were available, and the emergency department requested not to receive new patients needing urgent medical attention. This indicates that the cyberattack severely affected the hospital’s capacity to provide care, leading to the diversion of ambulances to other facilities.
Ransomware attacks on healthcare systems are increasingly common, posing serious risks to patient care and data security. The incident raises concerns about the ability of healthcare facilities to protect patient information from unauthorized access or breaches. The breach also indicates the need for robust cybersecurity measures in healthcare to protect both patient safety and privacy.
Read also: The cascading consequences of ransomware attacks on healthcare systems
Ransomware is malicious software that encrypts a hospital’s computer systems, making them inaccessible until a ransom is paid. It disrupts daily operations, impairs communication, and can delay critical medical care, potentially putting patients at risk.
Ransomware attacks can result in unauthorized access or exposure of patient data, potentially violating HIPAA regulations. This can lead to significant legal and financial consequences, as healthcare organizations are required to protect patient privacy and ensure data integrity.
Organizations can protect against ransomware by regularly backing up data, training employees on phishing prevention, implementing strong cybersecurity protocols, using advanced threat detection tools, and having a clear incident response plan in place.
Go deeper: Preventing cyberattacks in your organization