denisismagilov - stock.adobe.com

Kentucky, Tennessee Hospitals Begin Cybersecurity Incident Recovery

Taylor Regional Hospital and East Tennessee Children's Hospital are both making steady progress in recovering from recent cybersecurity incidents.

Both Taylor Regional Hospital (TRH) in Kentucky and East Tennessee Children's Hospital (ETCH) are beginning the long journey to cybersecurity incident recovery.

Two separate security incidents interrupted operations at the hospitals, resulting in delays and disruptions. Below, HealthITSecurity outlines the real-time incident recovery processes that both hospitals are currently undergoing.

Taylor Regional Hospital

As previously reported, Taylor Regional Hospital's systems and phone lines were down in late January as the hospital investigated a cybersecurity incident. TRH could not schedule COVID testing in advance and told patients to expect longer wait times for lab tests.

One week later, the Campbellsville, Kentucky hospital had restored some phone lines. The hospital requested that patients bring a list of current medications to all scheduled appointments.

In its most recent update, TRH confirmed that the cybersecurity incident was a result of unauthorized activity on its network between November 2, 2021, and January 19, 2022.

The unauthorized actor obtained files containing patient names, addresses, Social Security numbers, insurance information, birth dates, medical record numbers, and clinical information.

"While at this time, we have no evidence that any information involved in this incident has been misused, out of an abundance of caution, in the coming weeks Taylor Regional is mailing notification letters to all patients whose information may have been involved," the statement explained.

"We also encourage patients to review statements from their healthcare providers or health insurers and contact them immediately if they see charges for services they did not receive."

TRH said that it implemented enhanced security controls to prevent future cybersecurity incidents. It is still unclear how many individuals the incident impacted.

East Tennessee Children's Hospital

East Tennessee Children's Hospital fell victim to an "information technology security issue" on March 13, according to a notice on its website.

On March 14, the hospital told patients via Facebook that X-Ray services would not be available at any Children's Hospital Urgent Care Centers for the remainder of the night. The next day, the hospital’s Facebook page directed patients of the East Tennessee Children's Hospital Developmental Behavioral Center to call the center if they had a scheduled appointment.

On March 21, ETCH said that its primary care and specialist offices, along with the hospital itself, were still experiencing technical difficulties. A Facebook post stated that access to certain systems was still limited.

By March 22, the hospital informed patients that the phones in all its external offices were fully operational again.

"Our cyber forensics teams and outside agencies are doing everything possible to minimize any disruption. The response is active and still ongoing," the notice on ETCH's website stated."

"We apologize for any inconvenience, and ask for your patience as we address this issue."

Next Steps

Dig Deeper on Healthcare data breaches