HSHS hospitals, which operates St. Elizabeth’s Hospital in O’Fallon, Illinois and other locations in south central Illinois, is bringing its technology back online after an attack from cyber criminals resulted in a system-wide outage across its entire network, which also has hospitals in Iowa and Wisconsin.
HSHS officials have confirmed the outage was caused by a cyber attack. It brought down phones, medical records, imaging software and other systems for more than two weeks, causing doctors and other personnel to care for patients without vital technology.
According to hospital officials, telephone lines were restored last week, and on Tuesday the system restored EPIC, the electronic medical records system that allows health providers to share information with each other and look at patient histories.
“HSHS colleagues have been working around the clock to restore systems, prioritizing clinical applications as part of our relentless focus on safely caring for our patients,” spokeswoman Kelly Barbeau said in a statement. “We remain focused on restoring remaining affected systems, including business applications, in a methodical and thoughtful manner, which will take time to complete.”
HSHS also operates hospitals in Litchfield, Breese and Greenville, Illinois.
St. Elizabeth’s is only the latest clinic in the region to be hit by cyber criminals. In 2021, Missouri Delta Medical Center in Sikeston, about 30 miles south of Cape Girardeau, saw a data breach in which a third party stole information from one of its servers.
Later that year, an attack on Capital Region Medical Center in Jefferson City disabled phone lines and other technology for days.
Hospitals are vulnerable to cyber attacks because they often rely on huge interconnected networks and servers, said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center, a cybersecurity nonprofit.
“When you look at a modern day hospital, it’s a big IT information technology environment,” he said. “The servers that are doing everything from electronic health records, patient entry, intake of patients, distributing medicine, imaging systems, medical devices ….every single one of those is dependent on that network to perform its job.”
Such attacks on health systems have become more common since the start of the COVID-19 pandemic, said John Riggi, national advisor of cybersecurity and risk for the American Hospital Association. The pandemic spurred hospitals to rely more on the internet to connect providers and patients.
“We deployed a lot of this network and internet connected technology, all with noble intention to treat patients and save lives,” he said, “But ultimately, what that also did as an unintended consequence was that it expanded our digital attack surface, which the bad guys immediately took advantage of, and started increasing their attacks.”
Riggi said that patients at HSHS locations should keep an extra sharp eye on their medical bills and credit accounts and report any spending they don’t recognize.