Illinois Hospital First To Shut Down Completely After Ransomware Attack
from the this-seems-bad dept
You may have noticed that for-profit healthcare in the U.S. is already a hot mess, especially in the most already marginalized parts of the country. Giant, mismanaged health care conglomerates have long pushed their underfunded staffers to the brink, while routinely under-investing in necessary technical upgrades and improvements. It’s getting consistently worse everywhere, but in particular in rural or poor regions of the U.S.
And that was before COVID. Not too surprisingly, it doesn’t take much for this kind of fragile ecosystem to topple completely. Like St. Margaret’s Health in Spring Valley, Illinois, which this week was forced to shut down completely because it simply couldn’t recover from a 2021 ransomware attack:
A ransomware attack hit SMP Health in 2021. The attack halted the hospital’s ability to submit claims to insurers, Medicare or Medicaid for months, sending it into a financial spiral, Burt said.
Such attacks can have a chain reaction on already broken hospitals and health care systems. Health care workers are sometimes forced to resort to pen and paper for patient charts and prescriptions, increasing the risk of potentially fatal error. Delays in care can also prove fatal. And ransomware is only one of the problems that plague dated medical IT systems whose repair is being made increasingly costly and difficult by medical health care system manufacturers keen on monopolizing repair.
When hospitals like St. Margarets’ shut down, they create massive health care vacuums among the already underserved. In this case, with St. Margarets being closed, locals have to travel at least a half an hour for emergency room services and obstetrics services. Which, for many, will be fatal:
Kelly Klotz, 52, a Spring Valley resident with multiple medical issues, said she was concerned the drive could lead to medical complications for her and her parents.
“I need access to good medical care at any given time,” she said. “It’s not like I can say I’ll schedule my stroke six months from now. It’s devastating to this area.”
“If you’re having a heart attack or a stroke, may the odds ever be in your favor, because you’re not going to make it there in time,” Klotz said.
Data from the University of Carolina indicates that 99 rural U.S. hospitals have shuttered since 2005. Many hospitals are hit with dozens of such attacks on dated IT infrastructure every day. St. Margarets’ is being deemed the first to be shut down over a ransomware attack (probably not true), but it’s certainly not going to be the last.
Filed Under: er, healthcare, medical, privacy, ransomware, right to repair, security
Comments on “Illinois Hospital First To Shut Down Completely After Ransomware Attack”
If you want good health care you will have to let us surveil your Internet usage so that we can protect the health care system..
Some politician with an authoritarian mind set.
Well, I guess that is one difference between a slave and an employee. The slave does not get any healthcare.
Don't use a security hole
And they will keep using the buggiest and most insecure O.S., the M$ Windows.
Re:
If you think using Linux or Mac is going to save you from malware, well… sit down. I have something to tell you, and it is going to make you sad.
Re:
Hate to break it to you, but Windows is just as secure as MacOS and Linux, assuming a competent administrator (applies to all of them, an incompetent admin can make any of them vulnerable). You hear about Windows more often because it’s a bigger target, but the vast majority of infections for any of them are through malware and usually because someone did something stupid and let it through the front door.
Re: Re: Modern windows OK ... hospital equipment runs on NT
You may very well be completely right about Windows 10 (probably) and 11 (99.99% true), but so much of health-care equipment still runs on old versions of Windows, often as old as Windows NT! And administration systems may well not be much newer than that.
Nobody in their right mind should be connecting any Windows installation prior to Windows 10 to the internet these days.
Re: Re: Re:
The problem is a lot of the equipment came with NT or XP, and is only certified to run on the version it came with originally. For some EQ the manufacturer’s out of business, so there’s no way to get it certified to run on a newer OS. For others, the manufacturer just doesn’t give a damn or would rather try to get the hospital to buy newer EQ instead. And hospitals can’t afford to do that, because the existing EQ still works. Hospitals can’t just upgrade systems medical EQ is attached to when they want. The new version has to be certified with the FDA for that piece of EQ.
We don’t want to get rid of the FDA certification process in this case, or we’ll get things like THERAC-25 again. But we need a law that requires manufacturers to recertify in a timely manner or face punitive fines. And it needs to provide some way to get EQ where the manufacturer is out of business certified for updates and newer OSs as well.
Competent IT would help a lot, allowing virtual networks and partitioning to limit the equipment’s access to the Internet, but it’s not going to solve the major issues.
Re: Re: Re:2
Which does the most harm, a rare incident like THERAC_25 or losing access to treatment and hospitals? While it is easier for the press to raise a storm about the first, I suspect more damage is done via the lack of an ability to deliver treatment.
Re: Re: Re:3
There’s a reason why Therac-25 is vanishingly rare.
Re: Re:
“assuming a competent administrator”
LOL
This fictional person may reside in your head but can not be found in the wild. This can be due to a multitude of reasons most of which point toward management. System administration at the corporate level is a nightmare full of incompetent and political buffoons.
Re: Re: Re:
They may be “unicorns” (really just misnamed rhinos) but competent sysadmins do exist.
Used to know one. They just don’t need to make their presence known.
Now, the US Army’s system administraion…
Re: Re: Re:2
“competent sysadmins do exist.”
Not for long. Their employment is cut short when management is stupid.
Re:
2005 called. It wants its trite topical security analysis back.
half an hour to a emergency room !
lol, here in NYC, don’t have stroke during rush hour…
Hospital closing
There is a hospital in Peru, IL that is 3.61 miles away from St. Margaret’s. Is there a reason why people won’t be going there?
Re:
It’s part of the same system and according to their website it is also closing.
Re:
Just checked closer. The Peru location closed most services like ER in February of this year. They are winding down the rest of the services today. It sounds like OSF is buying the Peru facility, so if that goes through it should re-open at some point.
Corroboration
“ Giant, mismanaged health care conglomerates have long pushed their underfunded staffers to the brink, while routinely under-investing in necessary technical upgrades and improvements.”
Please provide citations that support this incredibly broad statement. There is no reason to accept its accuracy without support.
Re:
Are you claiming that healthcare corporations have not underfunded staffers to the brink?
Because there have been plenty of news articles about nursing staff quitting/moving due to bad management. The handling of the pandemic made things much more evident.
I thought under-investing was viewed by c-suite folk as good management. When did this change?
Re: Re:
A request for references supporting a claim is not a counterclaim.
According to the local newspaper here in the Spring Valley area, they decided to close because they couldn’t get more state funding and hoped OSF would decide to buy them.
They were denied more state funding because the last round of funding they received was supposed to be used for staff payroll and hospital mgmt used it for other bills.
Just sharing.