MercyOne recovers from cyberattack of parent company

MercyOne Central Iowa, a Des Moines, Iowa-based Catholic medical group, was hit with a ransomware attack at the beginning of the month and is starting to come back online.

The care group is part of the MercyOne health system, which is owned by CommonSpirit Health. CommonSpirit Health is one of the largest health systems in the United States and the second-largest nonprofit hospital chain, operating 142 hospitals and more than 2,200 care centers across 21 states.

The attack was found as part of the CommonSpirit Health IT issue. CommonSpirit became aware of an IT attack that was impacting some of its facilities, and the healthcare company subsequently took certain systems offline, including electronic health records (EHRs) and patient portals.

While the systems are coming back online and CommonSpirit undertakes an investigation into the cyberattack, all MercyOne Central Iowa care locations are open and caring for patients using established procedures. 

“At this time, most hospital-based systems are back online, as well as the payroll platform. CommonSpirit IT is working to bring systems back online for Central Iowa clinic providers, such as access to patient electronic health records and electronic prescription tools,” MercyOne Central Iowa said in a statement. “It will take some time before we can restore full functionality, and we continue work to bring our systems up as quickly and safely as we can.”

CommonSpirit said there was no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities.

The ransomware attack comes as more healthcare organizations are facing cybersecurity threats. The Department of Health and Human Services is reportedly having trouble keeping up with the scale of the problem, and the federal office in charge of dealing with these breaches is overwhelmed, according to some reports

Healthcare cyberattacks are particularly costly, to the tune of $10 million on average, thanks to the highly private and personal data that is often breached.  
 

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.