Florida hospital takes IT systems offline after cyberattack

Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack.

While all its network systems were taken online, TMH says this attack only impacted some of them.

Patients who require emergency medical services (EMS) will also be diverted to other hospitals, as TMH will only accept Level 1 traumas from its immediate service area.

"Our IT Department detected this security issue early and proactively shut down our IT systems to limit the impact," TMH said in a statement issued on Friday.

"We are reviewing each of our IT systems now, prioritizing them and bringing them back online one-by-one. We do not currently have a timeline for how long this will take as this is an emerging situation, but we will continue to provide updates."

The regional hospital added that patients whose appointments were affected due to this security breach would be contacted by their providers or care facilities.

See our 12 pm update below. We will also continue to post updates on https://t.co/UGsradFmx8. pic.twitter.com/pn1KWWy8Vz

— Tallahassee Memorial (@TMHFORLIFE) February 3, 2023

"Patient safety remains our number-one priority. We apologize for any inconvenience or delays. We will provide additional updates as they become available," TMH said.

"Our organization is following existing protocols for system downtime and taking steps to minimize the disruption."

The hospital reported the incident to law enforcement after the breach was discovered and is now working with them as part of an ongoing investigation.

TMH is a private and not-for-profit healthcare system that serves a 21-county region in North Florida and South Georgia through acute care and psychiatric hospitals, multiple specialty care centers, and 38 affiliated physician practices.

Second suspected ransomware attack targeting hospitals this year

The incident is suspected to be the result of a ransomware attack, according to local media reports that cited inside info from sources with knowledge of the situation.

Throughout last year, the federal government has warned about ransomware operations known for actively targeting healthcare organizations across the U.S.

For instance, the U.S. Department of Health and Human Services (HHS) warned of the Royal. Venus, Maui, and Zeppelin ransomware operations actively targeting the country's Healthcare and Public Health (HPH) orgs.

CISA, FBI, and the HHS also warned in October that the Daixin Team cybercrime group is also attacking the HPH sector in ongoing ransomware attacks.

"This is the second suspected ransomware incident involving U.S. hospitals in 2023. Last year, there were 25 attacks against health systems operating 290 hospitals," Emsisoft Threat Analyst Brett Callow told BleepingComputer.

Atlantic General Hospital in Maryland was also hit by a ransomware attack over the weekend, according to a report from local news outlet WMDT47.