Dive Brief:
- Tenet, one of the largest for-profit health systems in the U.S., said it experienced a "cybersecurity incident" last week that disrupted some acute care operations.
- Most critical functions have been restored, while affected facilities are beginning to resume normal operations, according to a statement Tuesday from the Texas-based operator.
- Tenet didn't disclose the nature of the incident, the affected facilities or whether patient data was accessed. The system didn't respond to requests for additional detail by time of publication.
Dive Insight:
After experiencing the cybersecurity incident, Tenet suspended access to the affected health IT programs, took steps to increase security and is currently undergoing an investigation into the matter, the system said.
According to WPTV, a local news outlet in Florida, telephone service and some IT systems at at least two Tenet hospitals in the West Palm Beach area went offline starting last Wednesday. The station reported doctors and nurses were using paper charts and having to leave the hospitals to use their phones because they weren't functional inside.
At the time, a Tenet spokesperson declined to say whether the company was experiencing a cyberattack, WPTV reported.
Tenet, which operates 60 hospitals and roughly 550 other care sites across 34 states, is the latest health system to be affected by a cybersecurity breach, which have been increasing in severity in the U.S. and in the healthcare industry.
Cybersecurity breaches in the sector hit a record high last year, compromising a record volume of patient data, according to cybersecurity firm Critical Insights. In 2021, 45 million people were affected by healthcare cyberattacks, three times the 14 million affected in 2018, according to the firm's recent analysis of HHS breach data.
Cybersecurity has long been underfunded in hospitals, even before COVID-19 swallowed up more resources. In addition, the Biden administration warned about the potential for Russian cyberattacks in February, leading a major hospital lobby to urge facilities to shore up their cyber defenses.
Cyberattacks are hazardous for any business but particularly disastrous for hospitals, as — on top of steep financial losses — they can also contribute to loss of life, according to a report from the Ponemon Institute.
More recently, last Thursday a federal cybersecurity office alerted healthcare providers of an "exceptionally aggressive" ransomware group called Hive. Hive has been active since June last year, though it has increasingly zeroed in on the healthcare sector to encrypt and steal data from its victims using common tactics like phishing attacks.