Ransomware, Threat Management, Incident Response, Security Strategy, Plan, Budget

Oklahoma City Indian Clinic reports network disruptions impacting pharmacy

Share
Clinicians and providers at the Oklahoma City Indian Clinic are experiencing network disruptions affecting computer systems, including the pharmacy department. (“Oklahoma Skyline” by tim.klapdor is marked with CC BY-NC 2.0.)

“Technical issues” at the Oklahoma City Indian Clinic have caused network disruptions that have left clinicians and providers unable to access certain computer systems, including the pharmacy department. The incident began one week ago, and the clinic is still experiencing disruptions.

OKCIC is part of the government-run Indian Health Service. The nonprofit has launched an internal review, while actively working with the IT staff and third-part specialists to determine a resolution.

The ongoing IT issues have shut down the clinic’s automatic refill line and mail order services of the pharmacy department “for an indeterminate amount of time.” Patients are being urged to call the pharmacy for needed refills, but will need to have their prescription information to do so, including the chart number, drug name, drug strength, directions and provider.

The social media posting explains that pharmacists are able to provide three-week “loaners” and patients who receive mail-based medications must come into the pharmacy with the physical prescription bottle, if they’re able.

“There is no way for OKCIC to mail medications while the system is down,” the clinic explained. “We apologize for any inconvenience this may cause and we appreciate your patience.”

The website and social media postings do not provide further details on the cause of the IT disruptions. But according to a DataBreaches.net report, the Suncrypt ransomware group may be behind the outage. The threat actor’s leak site claims to have stolen more than 350GB of data from the clinic, including those stored on the electronic health record system.

Suncrypt is threatening to release a full leak of the information if a resolution isn’t reached with the clinic.

OKCIC is the third U.S. healthcare provider to report network outages brought on by cyber incidents this year. 

Taylor Regional Hospital in Kentucky was first hit with an attack in January and while most systems have been brought online, disruptions to phone lines at its oncology departments are ongoing more than two months later. Patients were warned last week that the hack resulted in the theft of patient information, including Social Security numbers and clinical information.

East Tennessee Children’s Hospital was hit with a cyberattack earlier this month and is continuing to recover. The latest update last week shows most systems have been brought back online.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.