Cyberattack Sends Florida Hospital Back to Pen and Paper; Emergency Patients Diverted

A cyberattack has forced Tallahassee Memorial HealthCare to switch to paper pen and paper to register, admit and care for patients, as IT struggles to manage the event almost a week after hackers broke in.

TMH is a private, non-profit community healthcare system serving  a 21-county area spanning North Florida, South Georgia and South Alabama. It is comprised of a 772-bed acute care hospital, a surgery and adult ICU center, a psychiatric hospital, multiple specialty care centers, three residency programs, and 38 affiliated physician practices and partnerships.

‘An IT security issue’

On Feb. 2, the organization incurred what it referred to as “a security issue” that ended up impacting some IT systems.

IT staff quickly took the organization’s network offline, the announcement said, indicating that TMH may have had a run-in with ransomware operators – an increasingly common occurrence in the healthcare sector in recent years.

“The good news is that our IT department quickly detected the issue and is working proactively to resolve it,” the organization said.

Back to pen and paper

TMH has issued several updates since, informing the public that EMS patients are being diverted, that some non-emergency surgical and outpatient procedures have been canceled and rescheduled and, more recently, that the organization’s units have been set back decades, to pen-and-paper.

“Patients and families may notice the switch to paper documentation during registration, admission, or during their care, as our providers will be using paper forms, prescription pads, handwritten notes, or other similar paper methods where they may usually use an electronic process,” reads the latest update, issued Feb. 6. “We apologize for any delays this may create. We practice for situations like this, and we are prepared to provide safe, high-quality care to our patients during computer system downtimes.”

Ransomware on healthcare

Ransomware operators, such as the infamous LockBit gang, often seek sympathy or admiration by saying they choose not to hack the healthcare sector. Even so, there’s no shortage of other, less- scrupulous hacking crews that don’t _discriminate_ between targets.

In fact, ransomware has bombarded the healthcare industry in recent years. In some instances, the turmoil caused by a cyberevent can drive overwhelmed emergency room nurses to desperate measures – including calling 911 for help.