A hospital in Illinois will close on Friday due in part to a cyberattack – a rare case of a health care provider publicly linking a hack incident to its closure.
The 2021 cyberattack on St. Margaret’s Health, a hospital in Spring Valley, Illinois, hobbled computer systems for months and prevented it from filing insurance claims, Linda Burt, a hospital vice president, told CNN on Monday.
“It took months after we went back online to catch up with billing,” Burt said in an email. Other factors in the hospital’s closure were staffing costs brought on by the coronavirus pandemic and supply chain and inflation issues, she said.
The hospital’s closure is “really disheartening” said Laurie, a switchboard operator at St. Margaret’s Health who declined to give her last name. “You get to know people. You get to know the patients,” Laurie told CNN, adding that there are many elderly people in the area who rely on St. Margaret’s for treatment.
NBC News earlier reported on the closure of the hospital.
Ransomware attacks – which lock computer systems so hackers can demand a fee – have disrupted numerous medical facilities across the country during the pandemic.
Federal officials have tried to harden hospital computer systems and give them early warning about potential hacks. But resources are at a premium and many health care organizations are still falling prey to ransomware groups.
Last month, an 88-bed hospital in Idaho was forced to divert ambulances for multiple days following a cyberattack.
Many health care organizations targeted in hacks are central to their local communities and have to call in the FBI or private forensics specialists for help. St. Margaret’s Health is Spring Valley, a town of some 5,000 people that is about 100 miles southwest of Chicago.
“Small rural hospitals across this country are fighting for survival” due to tight business margins, Burt said. “We are the latest victim.”
Researchers have tallied scores of ransomware attacks per year on American health clinics in recent years, but that is likely an undercount because some clinics do not publicly disclose the hacks.