Rural Healthcare Provider Closing Due in Part to Attack Woes

St. Margaret's Health Is Permanently Shutting Hospitals and Clinics
St. Margaret's Health in Spring Valley and Peru, Illinois, is shutting down amid cyberattack-related and other woes. (Image: SMP Health)

A rural Illinois medical system will shut down on Friday partly due to fallout from a 2021 ransomware incident as a wave of extortionate malware exacts rising costs from the healthcare industry.

The system, consisting of two Catholic hospitals and several clinics, also cited personnel shortages and the novel coronavirus pandemic as reasons for the closure.

The closing of 44-bed St. Margaret's Health hospital in Spring Valley, Illinois, follows on the heels of the "temporary" suspension announced in January by nearby sister hospital, St. Margaret's Health in Peru, Illinois, which has 49 beds.

The closures - first reported by NBC on Monday - were foreshadowed on May 11 in a Facebook video posted by Sister Suzanne Stahl, the chair of parent organization SMP Health. A series of setbacks, including the ransomware attack, "made it impossible to sustain our ministry," she said.

Rural hospitals are increasingly the target of ransomware, especially given their lack of resources to pay for dedicated cybersecurity staff, reliance on outdated IT systems and, in many cases, a legacy of mismanagement and high turnover in ownership.

Sometimes, smaller rural hospitals fall victim not because they're specifically targeted but because they're simply more vulnerable than larger, better-resourced entities. "Some of the sophisticated attackers are a little more strategic in their targeting but most throw spaghetti at a wall and hope it sticks," said Denise Anderson, president of the Health Information Sharing and Analysis Center.

The average cost of a healthcare data breach is $10.1 million, according to 2022 research from IBM and the Ponemon Institute.

"These problems have no end in sight, and if a healthcare provider is already running on thin margins, a cyberattack that disrupts operations can be existential," said Mike Hamilton, co-founder of security firm Critical Insight.

Members of St. Margaret's leadership team did not immediately respond to Information Security Media Group's requests for comment about the closing.

St. Margaret's parent organization, SMP Health, based in North Dakota, declined comment. Stahl in her Facebook post said another Catholic health care organization, OSF, had agreed to acquire the Peru hospital and resume operations at an unspecified date.

Spring Valley, Illinois, Mayor Melanie Malooley-Thompson said in a Facebook post on Sunday that the closing of St. Margaret's Spring Valley hospital, which had been in operation for 120 years, was a significant blow to the community.

"The hospital closure will have a profound impact on the well-being of our community. This will be a challenging transition for many residents," she wrote.

The closures of the St. Margaret's hospitals are not the first time a healthcare facility has permanently shut its doors due in part to business difficulties caused or exacerbated by a cyberattack.

That includes Wood Ranch Medical, a small clinic in Simi Valley, California, that in 2019 announced it would close because it could not recover access to any of its records as a result of a ransomware attack (see: Latest US Healthcare Ransomware Attacks Have Harsh Impact).


About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



