Hospitals hamstrung by ransomware are turning away patients

Exterior entrance to hospital.

Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations.

The facilities are owned by Memorial Health System, a nonprofit network of services that represents 64 clinics, including hospitals Marietta Memorial, Selby, and Sistersville General in the Marietta-Parkersburg metropolitan area in West Virginia and Ohio. Early on Sunday, the chain experienced a ransomware attack that hampered the three hospitals’ ability to operate normally.

Beginning at midnight on Sunday, the three hospitals started diverting emergency patients to Camden Clark Medical Center. The facility is an hour’s drive from Selby, which has 25 beds. Camden Clark is about a 25-minute drive from the other two Memorial Health System hospitals hit by the breach. Another affected facility providing critical care includes a freestanding emergency room at Belpre Medical Campus in Belpre, Ohio.

Most of the Memorial Health System facilities have also canceled all urgent surgeries and radiology exams for Monday and are advising patients who have an appointment with a surgeon or specialist on Monday to call ahead.

“We will continue to accept: STEMI, STROKE, and TRAUMA patients at Marietta Memorial Hospital,” officials said in a statement. “Belpre and Selby are on diversion for all patients due to radiology availability. It is in the best interest of all other patients to be taken to the nearest accepting facility. If all area hospitals are [on] diversion, patients will be transported to the emergency department closest to where the emergency occurred. This diversion will be ongoing until IT systems are restored.”

In the crosshairs

The hospitals and clinics are the latest health facilities to be hamstrung by a ransomware epidemic that has worsened over the past 36 months as it shuts down critical fuel pipelines, industrial-scale meat-packing plants and other infrastructure that is vital to everyday life and safety. Already this year, 38 attacks on healthcare providers or systems have disrupted patient care at roughly 963 locations, compared with 560 sites being impacted in 80 separate incidents from all of 2020, according to Brett Callow, a threat analyst at security firm Emsisoft.

Eskenazi Health, a healthcare service provider that operates a 315-bed hospital, inpatient facilities, and community health centers throughout Indianapolis, Indiana, turned ambulances away last week after it was hit by a ransomware attack. Earlier this month, Sioux Falls, S.D.-based Sanford Health also experienced a ransomware attack that caused emergency patients to be diverted to other hospitals for days while IT workers raced to restore service.

Some ransomware groups have pledged to spare hospitals, schools, and critical infrastructure from attacks, but as the recent string of attacks shows, critical health providers continue to get infected, either because of human error or because ransomware groups still consider them targets.