Fraud Management & Cybercrime , Healthcare , Industry Specific

Midwest Hospital Group Experiencing Systemwide IT Outage

Incident Comes as Several Other Regional Providers Recover From Recent Attacks
Midwest Hospital Group Experiencing Systemwide IT Outage
HSHS St. Clare Memorial Hospital in Wisconsin is among facilities affected by an IT outage at Prevea Health and its partner entity, Hospital Sisters Health System. (Image: Prevea)

Two related healthcare organizations that operate dozens of clinics and 15 hospitals in the Midwest are the latest regional medical providers struggling with an enterprisewide IT outage affecting clinical and administrative applications.

See Also: Ransomware Demystified: What Security Analysts Need to Know

IT systems and phones have been down systemwide since Sunday at Green Bay, Wisconsin-based Prevea Health and its sister organization, Springfield, Illinois-based Hospital Sisters Health System.

So far, Prevea Health and HSHS have not yet publicly stated whether the incident is tied to a cyberattack. But the IT disruption at organizations appears similar to IT outages still hampering several other regional healthcare providers in the aftermath of recent cyberattacks.

Those other entities include Prospect Medical Holdings, which is based in California but operates 17 regional hospitals and clinics in several states, and Singing River Health System, which has three hospitals and multiple medical facilities serving the Mississippi Gulf Coast region (see: Mississippi Hospital Systems Still Struggling With Attack).

Half of Prevea Health is owned by HSHS and half is owned by the medical group's physicians. HSHS has 15 hospitals in Illinois and Wisconsin, and Prevea partners has six HSHS hospitals across Wisconsin. The two entities use the same electronic medical record system for all locations, according to Prevea.

In a joint statement posted Monday on Prevea's website, the organizations said they are dealing with a "temporary" systemwide outage affecting clinical and administrative applications and communication, including the phone system, and MyChart and MyPrevea patient portals. On Tuesday, the HSHS website appeared to be completely offline.

"HSHS and Prevea have well-established downtime policies and procedures when we experience technology outages, and we are following those protocols and continuing to care for our patients with the same level of quality, safe and effective care," the joint statement said.

"We acknowledge this outage is causing inconvenience for some patients and that services may take longer to schedule or receive."

Prevea and HSHS did not immediately respond to Information Security Media Group's request for comment and details about the outage.

Long-Lasting Impact

Meanwhile, a hospital worker at Singing River Health System in Mississippi told ISMG on Tuesday that the entity's IT systems were still offline following its cyber incident that occurred over the weekend of Aug. 19. The entity declined ISMG's request for additional details pertaining to the cyberattack and the status of the recovery.

In a statement to ISMG on Tuesday, Prospect Medical Holdings said it was still dealing with recovery work in the wake of the attack that hit it in early August, but IT systems are coming back online at some of its facilities.

"Prospect Medical's computer systems are now substantially back up and running as normal in many of our markets and our hospitals, and affiliated providers are continuing to provide safe, quality care to patients following a data security incident that disrupted our operations," the statement said.

"Work to input paper patient records used by our caregivers while our systems were down into our electronic medical record systems is ongoing."

At least a dozen healthcare entities and related clinics have been forced into electronic health record downtime during the first half of 2023 due to cyber incidents, said Toby Gouker, chief security officer for government health and risk management services firm First Health Advisory. "When systems are forced offline, patient safety, care morbidity due to delays, and care quality are at stake."

But having to take IT systems offline to deal with a cybersecurity incident can also have far-reaching implications for healthcare sector entities in terms of financial impact.

"Data confirms that these outages can cost larger entities an average of $1 million per day in lost revenue and recovery costs," Gouker told Information Security Media Group.

Just this month, Massachusetts-based health insurer Point32Health, which suffered a ransomware attack in April that compromised the personal information of more than 2.5 million individuals and disrupted IT systems for weeks, reported an adjusted net loss of $51.4 million for the six months ended June 30. Much of the loss was tied to the cyberattack.

The company said its adjusted net income includes an operating loss of $102.7 million and investment income of $51.3 million, excluding mark-to-market investment.

"Our operating results for the first six months of this year represent headwinds related largely to the cyber incident that are transient and one-time in nature," said Scott Walker, chief financial officer at Point32Health, in the report.

Point32Health and its Harvard Pilgrim Health unit, which was directly affected by the cyberattack, are also facing several proposed federal class action lawsuits involving the data breach (see: Point32Health, Harvard Pilgrim Facing 4 Data Breach Lawsuits).

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.