© 2024 WFSU Public Media

Operations at TMH are returning to normal. An 'IT issue' is resolved after nearly two weeks

TMH is working to address an IT security threat
Patrick Sternad / WFSU Public Media
TMH says systems are returning to normal after an IT security threat

Tallahassee Memorial Healthcare has returned to normal operations after an IT security threat caused the hospital to go offline for nearly two weeks.

The hospital will no longer need to divert ambulance traffic and will resume scheduling non-emergency surgeries and procedures. TMH hasn’t been specific about the type of security issue that impacted the hospital, but experts say the evidence points to a ransomware attack.

While Tallahassee Memorial Healthcare has not used the term ransomware, Tony Sabaj with Check Point Software said it’s the most likely scenario. He said the scam usually starts with a team of hackers getting into an organization’s systems through a phishing email.

“All it takes is one person within the organization to click on a malicious link then download the initial foray into the attack and then it spreads laterally into the organization," Sabaj said. "Then, once the ransomware or malware believes it has enough coverage of the organization then it starts to do its encryption and in a lot of cases, and it looks like at Tallahassee Memorial Hospital, they probably encrypted many of the machines, many of the servers, and maybe even some of the workstations in the hospital to disrupt its operations.”

Sabaj said the hackers typically demand a ransom to give the hacked organization an encryption key to access the stolen data. Sometimes the hackers ask for an additional payment in exchange for agreeing not to sell the information they’ve collected.

Sabaj said healthcare organizations are a prime target for ransomware scams and the instances of attacks on places like hospitals have increased by about 74 percent in the past year.

“A full healthcare record of an individual sells anywhere from a few hundred dollars to a thousand dollars. So it’s probably one of the more financially advantageous pieces of information that you can sell on the dark web. Just to give you a comparison, a credit card number sells for 50 cents to a dollar," Sabaj said.

Healthcare information is valuable for a number of reasons. It contains personal information that can make creating targeted phishing attacks easier. Also, it contains all the information needed to commit insurance fraud. Sabaj said that’s something TMH patients should keep an eye out for.

“Any patient or vendor or affiliate should probably be looking at any fraud that’s happening—especially if credit card information or billing information was compromised. They should be looking at their insurance claims because the information stolen could be used for insurance fraud or for getting prescriptions for controlled substances that are then getting sold on black markets and the dark web," Sabaj said.

Experts say it's also a good idea to consider credit monitoring and to be vigilant about possible targeted phishing scams created with stolen information.

If TMH did suffer a ransomware attack, Sabaj does not believe the hospital has agreed to pay and instead has found other ways to recover the stolen data.

The hospital will be legally required to report what data was compromised during the attack, but that information might not be available right away.

TMH has not yet released details about the nature of the IT attack, but said in a statement it is working with law enforcement and state and federal agencies, including the FBI, to manage an ongoing investigation.


Regan McCarthy covers healthcare and government in Tallahassee, Florida. She is the Assistant News Director for WFSU Public Media.

Phone: (850) 645-6090 | rmccarthy@fsu.edu
