Kettering Health in Ohio is dealing with a system-wide technology outage brought on by a cyberattack that allowed unauthorized access to the network.
Kettering was first made aware of the incident on May 20, when it noticed an inability to access certain patient care systems. This system failure led to elective inpatient and outpatient procedures being canceled and rescheduled for a later date.
The health system later confirmed "unauthorized access" to its network and said that scam calls were being placed from people claiming to be Kettering Health team members, requesting credit card payments for medical expenses.
While it's typical for Kettering to contact patients by phone to discuss medical bill payments, the system stopped making those calls out of caution when it learned of the situation, and said it would not be calling patients until further notice. The system advised patients to call local law enforcement if they think they've received a scam call.
WHAT'S THE IMPACT
On May 21, Kettering said it was working "around the clock" to restore its systems. Procedures are currently being evaluated on a case-by-case basis, and care teams plan on reaching patients by phone about rescheduling procedures if they have the patients' contact information.
At this time, Kettering said there was no evidence that personal cell phone apps such as MyChart have been compromised. The system said it would never reach out to staff or patients via social media.
Kettering said that patient safety was its highest priority.
"We understand our patients' concerns for their privacy and information security," the system wrote.
THE LARGER TREND
While most cyber events to date have not materially affected a hospital's credit quality, Frederick Health Hospital in Maryland and Palomar Health in California are exceptions, with Fitch Ratings downgrading their respective health systems after each experienced a crippling cyberattack this year.
In January, Change Healthcare confirmed that about 190 million people were affected by the 2024 cyberattack that caused upheaval in the healthcare industry. The February 21, 2024, cyberattack disconnected Change from claims payments for hospitals and physician practices, disrupting provider revenue and financial stability to the point of potential bankruptcy for some practices, the American Medical Association said last year.
Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.