HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

UMC health system forced to divert patients amidst ransomware attack

Written by Kirsten Peremore | Oct 1, 2024 6:17:47 PM

A ransomware attack forced UMC to divert their patients to other facilities due to large scale IT outages affecting essential services. 

 

What happened

On September 26, 2024, UMC Health System in Lubbock, Texas, experienced a ransomware attack that led to an IT outage disrupting multiple systems including UMC’s phone service and patient portal. The incident forced the health system to divert emergency and nonemergency patients via ambulances to other local healthcare facilities. 

In response to unusual activity, UMC disconnected networks to avoid further risk. To keep the public informed, the organization launched a dedicated website on September 27, 2024, to post updates regarding the situation. They are collaborating with third party experts who have assisted other hospitals facing similar ransomware challenges to investigate the extent of the breach and plan recovery efforts.

 

In the know

A ransomware attack is a type of cybercrime where hackers infiltrate a victim's computer system or network and encrypt data to make it inaccessible. The attackers then demand a ransom payment, typically cryptocurrency in exchange for a decryption key that would restore data access. 

Related: How ransomware emails impact healthcare security

 

What was said

On September 26, 2024, UMC released a Facebook post stating,UMC is currently experiencing intermittent phone issues throughout our health system. We are working on a solution to regain this functionality. Additionally, we are unable to process messages from the patient portal at this time. If you are needing a prescription refill, please reach out to your pharmacy or PCP.”

 

Why it matters

As a level 1 trauma center, UMC's operational disruption had consequences for emergency medical responses in Lubbock and surrounding counties. This potentially results in repercussions for patient outcomes in the region. 

Related: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is a breach? 

A breach is an incident where unauthorized individuals gain access to sensitive information and compromise its confidentiality.

 

What is the Breach Notification Rule?

A rule that requires covered entities to notify affected persons, the Secretary of the HHS, and in some cases the media when there is a breach of unsecured protected health information (PHI).

 

What are the operational challenges associated with a ransomware attack?

Disruption of services, loss of access to data, increased recovery costs and potential harm to patient care and safety.