A ransomware attack has brought the University Medical Center in Lubbock, Texas, to a standstill, highlighting vulnerabilities in hospital cybersecurity.
At a Glance
- University Medical Center in Lubbock hit by ransomware attack, causing IT outages.
- Ambulances diverted to other facilities due to the attack.
- UMC is the only level 1 trauma center within 400 miles.
- Clinics are operating on downtime procedures, causing delays.
- New Congressional bill aims to improve cybersecurity in hospitals.
Ransomware Attack on University Medical Center
The University Medical Center Health System in Lubbock, Texas, suffered a critical ransomware attack last Thursday, crippling essential IT systems. The incident rendered the hospital’s computer networks inoperative, forcing the diversion of incoming ambulances to nearby facilities.
Being the only level 1 trauma center within a 400-mile radius, the operational disruption at UMC raised significant concerns among healthcare professionals and experts alike. Many of the hospital’s clinics remain operational but are running on downtime procedures, which has caused delays and limited access to patient information.
Ransomware Attack Forces UMC to Divert Emergency Patients https://t.co/4lOtKzzQim #cybersecurity #infosec #hacking
— The Cyber Security Hub™ (@TheCyberSecHub) October 1, 2024
Impact and Ongoing Challenges
The ransomware attack has affected multiple systems within the hospital, including radiology and phone services. Patients are advised to bring physical copies of prescriptions and other critical information for their appointments. UMC, employing approximately 4,900 people with an annual budget of over $800 million, has faced significant cybersecurity challenges in the past, including a data breach earlier this year that exposed sensitive information.
“Out of an abundance of caution, we will continue to temporarily divert incoming emergency and non-emergency patients via ambulance to nearby health facilities until this issue is resolved,” the US hospital said in a statement.
Meanwhile, Texas Tech University Health Sciences Center (TTUHSC) also reported IT issues, though it did not confirm any link to the problems faced by UMC. Clinical operations at TTUHSC have been limited, and classes were canceled on Monday but resumed on Tuesday. Their IT issues affect multiple campuses, including those in Amarillo, Permian Basin, Abilene, and Dallas.
Improving Hospital Cybersecurity
The ongoing situation at UMC highlights the urgent need for robust cybersecurity measures in healthcare settings. The federal government has introduced a new bill aimed at improving hospital cybersecurity and preparedness, providing much-needed funding and requiring stress tests for cyber incident recovery.
“While we’ve seen the rate of ransomware attacks reach a kind of ‘homeostasis’ or even declining across industries, attacks against healthcare organizations continue to intensify, both in number and scope,” said Sophos field CTO John Shier.
Other hospitals, including Weiser Memorial Hospital, have experienced similar attacks recently, underscoring the widespread nature of this threat. Ransomware attacks, which involve encrypting files and demanding ransom for their release, have been increasing among government entities and critical infrastructure organizations. Two-thirds of healthcare facilities have faced ransomware attacks in the past two years, with over half opting to pay the ransom to regain control of their systems.
