MercyOne recovers from cyberattack of parent company
MercyOne Central Iowa, a Des Moines, Iowa-based Catholic medical group, was hit with a ransomware attack at the beginning of the month and is starting to come back online.
The care group is part of the MercyOne health system, which is owned by CommonSpirit Health. CommonSpirit Health is one of the largest health systems in the United States and the second-largest nonprofit hospital chain, operating 142 hospitals and more than 2,200 care centers across 21 states.
The attack was found as part of the CommonSpirit Health IT issue. CommonSpirit became aware of an IT attack that was impacting some of its facilities, and the healthcare company subsequently took certain systems offline, including electronic health records (EHRs) and patient portals.
While the systems are coming back online and CommonSpirit undertakes an investigation into the cyberattack, all MercyOne Central Iowa care locations are open and caring for patients using established procedures.
“At this time, most hospital-based systems are back online, as well as the payroll platform. CommonSpirit IT is working to bring systems back online for Central Iowa clinic providers, such as access to patient electronic health records and electronic prescription tools,” MercyOne Central Iowa said in a statement. “It will take some time before we can restore full functionality, and we continue work to bring our systems up as quickly and safely as we can.”
CommonSpirit said there was no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities.
The ransomware attack comes as more healthcare organizations are facing cybersecurity threats. The Department of Health and Human Services is reportedly having trouble keeping up with the scale of the problem, and the federal office in charge of dealing with these breaches is overwhelmed, according to some reports.
Healthcare cyberattacks are particularly costly, to the tune of $10 million on average, thanks to the highly private and personal data that is often breached.