Hospital Sisters Health System’s CFO exits as it continues to handle ‘cybersecurity incident’

Posted on by Dissent

On August 29, DataBreaches reported that Hospital Sisters Health System (HSHS) and Prevea Health appeared to have been the victims of a ransomware attack. As of today, the notice on Prevea Health states, “HSHS and Prevea are experiencing a systemwide outage of clinical and administrative applications.” Prevea continues to describe it as a temporary outage. HSHS’s website is still down, however, and redirects to its Facebook page with a September 8 update:

UPDATE: FRIDAY, SEPTEMBER 8, 2023 AT 3:50 PM:
As we continue to work on restoration of our systems, we are touched by the kindness and understanding patients and the community has shown our colleagues during this outage. We understand it has been a challenge for everyone but we appreciate your patience and care for us as we care for you.
Despite the outage, please know that all HSHS hospitals and emergency departments remain open, and we continue to safely care for all patients.
Clinic phone service at HSHS Medical Group and Prairie Cardiovascular is being restored. You may call your provider’s office directly at this time. Please do not call HSHS hospitals if you are trying to reach a clinic location. You may experience delays as they are currently handling high call volumes.
Our teams continue to work diligently to bring all of our systems back online as quickly and safely as possible, and we are prioritizing patient safety as we make steady progress in our restoration process. We continue to implement alternative processes to ensure that we can continue receiving and treating patients.
Visit hshsupdates.org for updates on our progress and answers.

HSHS still hasn’t forthrightly disclosed whether this was a ransomware incident or not, although it certainly reads like one. No ransomware group has publicly claimed responsibility for the attack at this point.

And to add to the lack of transparency about this incident, HSHS’s CFO has reportedly left in the middle of incident response?  Diana Barr reports:

The chief financial officer of Hospital Sisters Health System (HSHS), which operates several facilities in Metro East, has exited the nonprofit, while it continues to fight a “cybersecurity incident” that began impacting its operations late last month.

Kimberly Hodgkinson, who has served as the senior vice president and chief financial officer of the Springfield, Illinois-based system since July 2022, left her position as of Friday, a spokeswoman confirmed to the Business Journal.

The health system would not say whether she resigned or was fired.

Read more at St. Louis Business Journal.

Category: Commentaries and AnalysesHealth DataMalwareOf NoteU.S.