MercyOne receives confirmation of a cyber attack.
All care locations in MercyOne Central Iowa’s region, including Des Moines, remain open and are caring for patients even as the health system struggles with an unspecified cyber attack breach affecting its parent company. Iowa hospital officials have not said whether any patient appointments or procedures were postponed this week as a result of the cyber attack at parent company CommonSpirit Health, an apparent cyber attack that has disrupted hospitals throughout the U.S.
But MercyOne Central Iowa officials said patients can’t schedule appointments online because of the problem. Instead, they should call to schedule an appointment at one of MercyOne’s clinics.
MercyOne facilities shut down some of its information technology systems, including its electronic medical records, because of the cyber attack. These systems were taken offline as “as a precautionary step” afterward, which appears to be affecting hospitals across the country.
Officials have been tight-lipped, offering no details on what occurred. It’s unclear whether patient health information has been compromised, or how long systems will be taken offline.
Health care providers are required by law to notify the federal Department of Health and Human Services if a cyber attack breach has compromised the private information of 500 or more patients. Chicago-based CommonSpirit Health is the second largest nonprofit health care system in the country, operating more than 140 hospitals across 21 states.
It’s unclear exactly how many of its sites are affected at this time, but the scope of the attack is broad, crippling facilities nationwide. The massive outage of its health record system has resulted in canceled appointments and delayed procedures in some areas. CommonSpirit officials have not said how many patients have faced disruption to their health care, but they acknowledged some appointments have been rescheduled as a result.
The Iowa-based MercyOne was jointly operated by CommonSpirit and Trinity Health until earlier this year, when Trinity signed an agreement to become the sole owner of the Catholic health system that operates throughout Iowa.
However, MercyOne systems continued to use CommonSpirit Health technology as officials prepared to integrate into Trinity.
Ransomware Cyber Attack a growing threat to hospitals.
CommonSpirit officials have also not addressed whether this incident is a ransomware attack. But experts say given the growing cybersecurity threat hospitals have faced in recent years, that’s most likely the cause of this massive outage.
Ransomware is malware used by hackers to encrypt data or a computer system, blocking access until the hackers’ demands are met usually a ransom fee.
These kinds of attacks would prevent hospitals from accessing key systems and prevent staff from accessing crucial data, hindering their ability to provide patient care. In the past, that has meant hospitals have delayed cancer treatments, canceled surgeries and even diverted ambulances carrying trauma patients from the facility.