Two of Palm Beach County’s largest hospitals were forced to return to paper record-keeping and make other adjustments in patient care this week as a result of what their parent company labeled a “cybersecurity incident.”
A spokesperson for Tenet Healthcare said computer systems and phone lines were back in operation at Good Samaritan and St. Mary’s medical centers Wednesday night after some were down for a week.
“All services at Good Samaritan Medical Center and St. Mary’s Medical Center are available to care for our community, and core systems are restored,” spokesperson Shelly Weiss Friedberg said in a statement.
Tenet Healthcare-owned hospitals rebrand:Competition drives Tenet’s renewed focus, community ties as health care rivals multiply
‘I felt like an animal’:Deaf woman wins suit against hospital for refusing to provide interpreter
150 beds and a helipad? Inside newest plans for a Palm Beach Gardens hospital near Alton
While hospital giant Tenet acknowledged that other medical centers it owns were affected, it didn’t say how many. The Dallas-based company owns 450 healthcare facilities and 65 hospitals throughout the country, including five in the county.
None of the other Tenet hospitals in the county — Delray Beach, West Boca Raton and Palm Beach Gardens medical centers — were affected, Friedberg said.
Both the company and Friedberg declined to say how the security breach occurred or detail the impacts it had on hospital operations. They didn’t say whether any patient records were compromised.
“While there was temporary disruption to a subset of acute care operations, the company’s hospitals remained operational and continued to deliver patient care safely and effectively, utilizing well-established back-up processes,” Tenet said in a statement.
It blamed the computer and phone problems on “unauthorized activity.” It said an investigation was ongoing.
HHS warns of ‘exceptionally aggressive’ ransomware group called Hive
Days before Tenet hospital networks crashed on April 20, the cybersecurity arm of the U.S. Department of Health and Human Services issued a warning about an “exceptionally aggressive, financially motivated ransomware group” that calls itself Hive.
Calling it one of the “most active ransomware operators in the cybercriminal ecosystem,” the agency said reports have linked Hive to attacks on 355 companies within 100 days of its launch last June — nearly three a day.
Ransomware is a type of malicious software designed to block access to a computer system until money is paid.
Saying more attacks were likely, the agency’s Health Sector Cybersecurity Coordination Center advised hospitals and other medical providers to increase their vigilance and take steps to protect their systems.
“HC3 recommends the Healthcare and Public Health Sector be aware of their operations and apply appropriate cybersecurity principles … in defending their infrastructure and data against compromise,” the security group said in the advisory.
In recent years, hospitals have been popular targets for cybercriminals, prompting the FBI, HHS and and the Department of Homeland Security to join forces to identify threats and alert hospitals about how to detect and prevent them.
Tenet turns to paper charting, tells doctors to make their signatures legible
Like other hospitals, Tenet medical centers regularly conduct drills so its staff can easily adapt if network systems go down, Friedberg said. They practice charting patient progress on paper, a common practice until hand-written reports were replaced with electronic records a decade ago.
In emails to its staff over the past week, Good Samaritan addressed some of the challenges caused by the breach.
While some doctors had grown accustomed to updating patient charts at home or from their offices through the electronic network, hospital leaders cautioned them to change that practice — at least temporarily. “Timely charting is necessary for continuity of care,” wrote Amy Travland, director of the 333-bed hospital on North Flagler Drive in West Palm Beach.
Raising the specter of an age-old bromide about doctors and their illegible signatures, she reminded physicians that until electronic record-keeping was restored, they would have to print their names.
“We have been on computers for 10 years now and have many new staff who don’t recognize signatures,” Travland wrote. “This is especially important with physicians’ orders.”
Travland also warned doctors not to use abbreviations. “Staff no longer know the short hand often used previously with paper charting,” she wrote.
Similar advice was offered to physicians at St. Mary’s, a 460-bed hospital on 45th Street also in West Palm Beach.
In the wake of the breach, Tenet said it would beef up security. Recent studies, including one by the Massachusetts Institute of Technology, found hospitals lagged behind other businesses in safeguarding their computer systems.
“The company is taking additional measures to protect patient, employee and other data, as appropriate, in response to this incident,” Tenet said in the statement.
It also applauded its staff for quickly pivoting to turn-of-the-century practices. “Tenet is grateful to its physicians, nurses and staff for their dedication to safely care for patients as the company works to resolve this matter,” it wrote.