MercyOne recovers from cyberattack of parent company

MercyOne Central Iowa, a Des Moines, Iowa-based Catholic medical group, was hit with a ransomware attack at the beginning of the month and is starting to come back online.

The care group is part of the MercyOne health system, which is owned by CommonSpirit Health. CommonSpirit Health is one of the largest health systems in the United States and the second-largest nonprofit hospital chain, operating 142 hospitals and more than 2,200 care centers across 21 states.

The attack was found as part of the CommonSpirit Health IT issue. CommonSpirit became aware of an IT attack that was impacting some of its facilities, and the healthcare company subsequently took certain systems offline, including electronic health records (EHRs) and patient portals.

While the systems are coming back online and CommonSpirit undertakes an investigation into the cyberattack, all MercyOne Central Iowa care locations are open and caring for patients using established procedures. 

“At this time, most hospital-based systems are back online, as well as the payroll platform. CommonSpirit IT is working to bring systems back online for Central Iowa clinic providers, such as access to patient electronic health records and electronic prescription tools,” MercyOne Central Iowa said in a statement. “It will take some time before we can restore full functionality, and we continue work to bring our systems up as quickly and safely as we can.”

CommonSpirit said there was no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities.

The ransomware attack comes as more healthcare organizations are facing cybersecurity threats. The Department of Health and Human Services is reportedly having trouble keeping up with the scale of the problem, and the federal office in charge of dealing with these breaches is overwhelmed, according to some reports

Healthcare cyberattacks are particularly costly, to the tune of $10 million on average, thanks to the highly private and personal data that is often breached.  
 

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

With generative AI coming into its own, AI regulators must avoid relying too much on principles of risk management—and not enough on those of uncertainty management.

Trimed Popup
Trimed Popup