Southern Ohio Medical Center is continuing to cancel a number of appointment types, one week after being forced into electronic health record (EHR) downtime procedures by a cyberattack. The attack struck on Nov. 11 in the early hours, resulting in care diversion processes for two days.
The emergency department has since resumed seeing patients, but SOMC has continued to cancel a long list of appointments, including outpatient medical imaging and cardiac testing, its sleep lab, pulmonary function tests, and antiarrhythmia clinic, as well as outpatient rehab at four separate care sites. Patients are reporting that the patient portal remains down, as well.
SOMC is a 248-bed hospital in Portsmouth, Ohio that provides emergency and surgical care, along with other healthcare services, such as its cancer, hospice, and wound healing centers. With such a large blueprint, the ongoing impact could create delays and other care morbidity issues.
One of the biggest concerns of downtime brought on by cyberattack is delays on care services and potential impact to patient safety, Saif Abed, M.D., founding partner and director of cybersecurity advisory services for the AbedGraham Group recently explained.
When a system goes down, “you've essentially shut down so much of the ability to deliver healthcare because almost every clinical decision these days in an acute setting is based on pathology test results, and medical imaging.”
“They are highly beneficial from a workload perspective. But when they fail, they're compromised,” he continued. “A cyberattack can essentially ground almost all clinical workflows to a halt.”
The nonprofit health system has remained transparent with the public about the ongoing network outages and recovery efforts, which is not required byThe Health Insurance Portability and Accountability Act. However, it enables patients to make informed decisions about their care.
The latest social media posting shows the SOMC is dealing with a surge in telephone calls from concerned patients, as it continues its recovery efforts. But patient comments on the provider's post show an overall understanding from the community, including patient feedback that staff is continuing to deliver high quality care.
Currently, SOMC is also facing a power outage at one of its family health care sites, unrelated to the cyberattack. There’s been no further details into the scope or type of attack, nor the progress made on recovery.
Similar incidents in the healthcare sector have led to weeks and sometimes months of downtime procedures. Emsisoft data shows the average organization will face 21 days of downtime after an attack.
Johnson Memorial Hospital recently reported it’s still attempting to resume normal operations about six weeks after falling victim to a cyberattack, while the health system of Newfoundland and Labrador have nearly restored its network after an Oct. 30 incident. The attack on the Canadian provider also led to the exfiltration of employee and patient data.