Memorial Health cancels surgeries, reverts to paper records as it responds to cyberattack

Memorial Health System in Ohio is struggling to restore its IT systems after a cyberattack Sunday that has significantly disrupted care and forced medical personnel to use paper records.

The health system announced that it suffered “an information technology security incident in the early morning hours this morning, August 15, 2021,” according to a statement published on its website, local media reported. “As a result, we suspended user access to information technology applications related to our operations.” 

Memorial Health System's website was down on Monday.

The not-for-profit health system, which has three hospital locations in Ohio and West Virginia, put its emergency departments on diversion due to the IT system failures, according to the notice on its website.

"Maintaining the safety and security of our patients and their care is our top priority and we are doing everything possible to minimize disruption,” Memorial Health System President and CEO Scott Cantley states in the notice. “Staff at our hospitals—Marietta Memorial, Selby, and Sistersville General Hospital—are working with paper charts while systems are restored, and data recovered."   

RELATED: May cyberattack cost Scripps nearly $113M in lost revenue, more costs

All radiology exams and urgent surgical cases scheduled for Aug. 16 have been canceled as a result, SC Media reported.

Memorial Health System, which consists of Marietta Memorial, Selby General and Sistersville General hospitals, is working with security partners, including the FBI and the Department of Homeland Security, to restore information operations as quickly as possible, Cantley said.

"Our IT department began to notice irregularities in the responses of our infrastructure and began to investigate and over the course of the next couple of hours we began to get concerned,” said Cantley at a press conference, The Marietta Times reported.

Memorial Health System emergency departments are on diversion but will continue to accept STEMI, stroke and trauma patients at Marietta Memorial's campus. Belpre, Selby and Sistersville campuses are on diversion for all non-trauma patients.

Health system officials said the cyberattack did not involve employee or patient personal or financial information.  

It marks the latest in a string of cyberattacks against hospitals, including Eskenazi Health in Indianapolis and Sanford Health in South Dakota.

RELATED: Cyberattack forces Scripps Health to go offline, disrupts patient care

The IndyStar reported Aug. 10 that Eskenazi Health remains on diversion for patients coming by ambulance nearly a week after an attempted ransomware attack that led the hospital to shut down its entire computer network.

While the hospital is accepting patients who come on their own to the emergency department or are delivering babies, ambulances are still being asked to go elsewhere, hospital spokesman Todd Harper said, he IndyStar reported. 

Sanford Health reported it was taking aggressive measures to contain a “cybersecurity incident” that was first detected Aug. 4. The health system has 46 hospitals and hundreds of clinics, senior living communities and skilled nursing facilities. 

Scripps Health in San Diego was hit with a massive ransomware attack in May that led to a major disruption in patient care and forced providers to use paper records. The health system recently divulged the attack cost it $112.7 million through the end of June, with lost revenue bearing most of the cost.