Tallahassee Memorial Healthcare has returned to normal operations after an IT security threat caused the hospital to go offline for nearly two weeks.
The hospital will no longer need to divert ambulance traffic and will resume scheduling nonemergency surgeries and procedures.
The health system hasn’t been specific about the type of security issue that affected the hospital, but experts say the evidence points to a ransomware attack.
While Tallahassee Memorial Healthcare has not used the term ransomware, Tony Sabaj with Check Point Software said it’s the most likely scenario. He said the scam usually starts with a team of hackers getting into an organization’s systems through a phishing email.
“All it takes is one person within the organization to click on a malicious link then download the initial foray into the attack and then it spreads laterally into the organization," Sabaj said. "Then, once the ransomware or malware believes it has enough coverage of the organization, it starts to do its encryption, and in a lot of cases — and it looks like at Tallahassee Memorial Hospital — they probably encrypted many of the machines, many of the servers and maybe even some of the workstations in the hospital to disrupt its operations.”
Sabaj said the hackers typically demand a ransom to give the hacked organization an encryption key to access the stolen data. Sometimes the hackers ask for an additional payment in exchange for agreeing not to sell the information they’ve collected.
Sabaj said health care organizations are a prime target for ransomware scams and that instances of attacks on places like hospitals have increased by about 74 percent in the past year.
“A full health care record of an individual sells anywhere from a few hundred dollars to $1,000. So, it’s probably one of the more financially advantageous pieces of information that you can sell on the dark web. Just to give you a comparison, a credit card number sells for 50 cents to $1," Sabaj said.
Health care information is valuable for a number of reasons. It contains personal information that can make creating targeted phishing attacks easier. Also, it contains all the information needed to commit insurance fraud. Sabaj said that’s something Tallahassee Memorial patients should keep an eye out for.
“Any patient, vendor or affiliate should probably be looking at any fraud that’s happening — especially if credit card information or billing information was compromised. They should be looking at their insurance claims because the information stolen could be used for insurance fraud or for getting prescriptions for controlled substances that are then getting sold on black markets and the dark web," Sabaj said.
Experts say it's also a good idea to consider credit monitoring and to be vigilant about possible targeted phishing scams created with stolen information.
If Tallahassee Memorial did suffer a ransomware attack, Sabaj says he does not believe the hospital has agreed to pay and instead has found other ways to recover the stolen data.
The hospital will be legally required to report what data was compromised during the attack, but that information might not be available right away.
The health system has not released details about the nature of the attack but said in a statement it is working with law enforcement and state and federal agencies, including the FBI, to manage an ongoing investigation.
Copyright 2023 WFSU. To see more, visit WFSU.