Cybersecurity incident disrupts operations at Tenet hospitals
Photo: Anete Lusina/Pexels
Tenet Healthcare Corporation released a statement on Tuesday revealing that it had experienced a cybersecurity incident this past week that temporarily disrupted some acute-care operations.
According to the corporation, which comprises 60 hospitals and about 550 outpatient and additional care sites, Tenet immediately suspended user access to impacted IT applications, executed extensive cybersecurity protection protocols and took steps to restrict further unauthorized activity.
Tenet did not respond to multiple requests for comment about the details of the incident.
WHY IT MATTERS
In its statement, Tenet noted that the incident led to a temporary disruption to a subset of acute care operations, but that its hospitals remained operational and relied on back-up processes to deliver services.
"At this time, critical applications have largely been restored and the subset of impacted facilities has begun to resume normal operations," said the company.
It noted that efforts to restore IT operations "continue to make important progress."
Although the company did not offer any more information about which operations were affected, reports emerged this past week of Tenet-owned hospitals in Massachusetts and Florida experiencing disruptions.
On Wednesday, April 20, the Framingham Source reported that MetroWest Medical Center in Framingham, Massachusetts, turned away ambulances and patients from its emergency room at Framingham Union Hospital for roughly ten hours.
City services were told the hospital was experiencing a "code black" after a cyberattack at Framingham Union Hospital and Saint Vincent Hospital in Worcester, Massachusetts, reported the Source. Both hospitals are owned by Tenet.
Multiple attempts to reach MetroWest for comment were not successful.
Meanwhile, WPTV reported that St. Mary's Medical Center and Good Samaritan Medical Center, both in West Palm Beach, Florida, began experiencing problems with their telephone service and some information services, including electronic health records, on April 20.
As of Monday patients were being redirected away from St. Mary's.
"The company immediately launched an investigation of the incident, which is currently ongoing," said Tenet in its statement.
"The company is taking additional measures to protect patient, employee and other data, as appropriate, in response to this incident," it continued.
THE LARGER TREND
Hospitals and health systems have reported increasing rates of cyber incidents over the past few years, with more than 40 million individuals' records compromised in 2021 alone.
The federal government has warned of worsening conditions. This past Wednesday – the same day Tenet-owned hospitals appeared to begin experiencing issues – the U.S. Department of Health and Human Services' cybersecurity arm released a warning about Hive, an "exceptionally aggressive" ransomware group.
"HC3 recommends the Healthcare and Public Health Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise," said the agency.
ON THE RECORD
"Tenet is grateful to its physicians, nurses and staff for their dedication to safely care for patients as the Company works to resolve this matter," said Tenet.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.