East Texas hospital network can’t receive ambulances because of potential cybersecurity incident

Sean Lyngaas, CNN
·2 min read
26

A network of hospitals in East Texas has not been able to accept ambulances to emergency rooms since Thanksgiving Day because of a “potential [cyber]security incident,” a hospital spokesperson told CNN on Friday.

The hospital network, UT Health East Texas, is operating using “established downtime procedures” as the hospital investigates “a potential security incident” and works to bring computers back online, spokesperson Allison Pollan said in an email.

Pollan did not respond to subsequent phone calls seeking more information on the incident and how the hospitals were responding. She declined to answer further questions over email.

Headquartered in Tyler, Texas, UT Health East Texas operates 10 hospitals and more than 90 clinics in the region, and provides health care to thousands of patients annually, according to its LinkedIn page.

The East Texas health care system is just the latest hospital group that has been forced to turn ambulances away because of an apparent cybersecurity incident. The last nine months alone have seen cyberattacks divert ambulances from hospitals in Connecticut, Florida, Idaho and Pennsylvania.

The cyber incident at UT Health East Texas began on Thursday when the hospital network “became aware of a network outage” and moved to lock down its network, according to the hospital network’s statement to CNN.

The hospital network originally said Thursday that it expected computer networks to be “restored in the next 24-36 hours,” but it’s unclear if that will happen.

Officials at the Department of Health and Human Services, and US Cybersecurity and Infrastructure Security Agency (CISA) — two federal agencies charged with helping hospitals defend themselves from hackers — did not immediately respond to requests for comment. The FBI, which also responds to hacks of hospitals, did not immediately have a comment.

Federal officials and critical infrastructure operators such as hospitals and power plants are particularly wary of the threat of ransomware and other cyberattacks over long holiday weekends when many Americans have the day off — and cybersecurity teams may be stretched.

Since the coronavirus pandemic began in 2020, hundreds of health care providers across the US have been forced offline by cyberattacks. Health care organizations often don’t have the cybersecurity resources to deal with the threats.

The problem is persistent, despite greater attention from health care associations and federal officials. CISA last week released a detailed cybersecurity plan to help protect hospitals from hacks.

There have been 209 publicly reported ransomware attacks on US health care organizations in 2023, up from 162 attacks in 2022, Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told CNN on Friday.

For more CNN news and newsletters create an account at CNN.com