Some South Florida hospitals came under cyberattacks. Here’s what you need to know
.JPG "Hialeah Hospital, which is one of five hospitals in Miami-Dade and Broward that came under a cyberattack in April.")
A group of hospitals in Miami-Dade and Broward, including North Shore Medical Center and Palmetto General Hospital, lost computer or phone service for an undisclosed period in April due to a cyberattack at one of the nation’s largest for-profit hospital companies, Tenet Healthcare Corporation.
Tenet sold its five hospitals in Miami-Dade and Broward in August to Steward Health Care Systems, which kept Tenet as its IT service provider as part of the $1.1 billion purchase agreement.
A Steward spokeswoman said the company’s other facilities in Miami-Dade and Broward — Coral Gables Hospital, Hialeah Hospital and Florida Medical Center in Fort Lauderdale — were also affected by the cyberattack at Tenet, but she said she could not provide more information about the cause or extent of the outage as of Friday.
“The information technology systems at Steward’s Miami hospitals have experienced a disruption in service due to a publicly reported cyber-attack suffered by Tenet,” Josephine Martin, a Steward spokeswoman, said in an email Thursday night. “Since Steward was made aware of the cyber-attack, Steward has been working with Tenet to remediate any remaining delays resulting from the attack.”
Martin added that patient care at Steward’s facilities was not compromised as a result of the outage. But because the hospital’s back-up plan calls for using paper records, some patients did experience delays, she said.
“We discussed the situation with a handful of patients whose care might have been slightly delayed, but all patients have now been accommodated,” Martin said Friday. “Despite this cybersecurity incident, Steward’s Miami facilities remain ready to serve the Miami-Dade and Broward communities.”
Tenet did not respond to the Herald’s requests for comment. The Dallas-based hospital company disclosed a “cybersecurity incident” on April 26 without saying whether patient records were compromised or detailing the impact on Tenet’s 65 hospitals nationwide — and more than 450 other medical facilities, including outpatient surgery centers.
Tenet said that as a result of the breach the company “immediately suspended user access to impacted information technology applications, executed extensive cybersecurity protection protocols, and quickly took steps to restrict further unauthorized activity.”
Tenet said it also launched an investigation into the cyberattack, which caused a phone outage at its St. Mary’s Medical Center and Good Samaritan Medical Center in Palm Beach County on April 20, as first reported by WPTV-Channel 5 in West Palm Beach.
According to reports, St. Mary’s and Good Samaritan lost telephone and computer service for at least 24 hours, forcing doctors and nurses to use paper records, and ambulances to divert emergency patients to other area hospitals.
Tenet’s April 26 statement described the outage as part of a “temporary disruption to a subset of acute care operations.” The company said its hospitals continued to function, using “well-established back-up processes” that it did not describe.
Tenet has not issued an update, but said at the time that “critical applications have largely been restored” and that its impacted facilities were resuming normal operations.
The cyberattack on Tenet is among the latest in a wave of threats to hospitals in 2022, with more than 140 hacking and IT incidents reported by hospitals, physician practices, health plans and business associates since Jan. 1, according to the Department of Health and Human Services’ Office for Civil Rights, which posts online a list of breaches of unsecured patient data affecting 500 or more people.
Neither Tenet nor its former South Florida hospitals have reported a hacking or IT incident to HHS in 2022.
Broward Health, the public hospital system for North Broward, reported a breach in January that affected more than 1.3 million people, according to the health department.
In a statement, Broward Health said someone gained access through a third-party medical provider. The system said it first discovered the breach on Oct. 19, 2021, and said it promptly notified the FBI and the U.S. Department of Justice.
This story was originally published May 6, 2022 at 11:58 AM.
