A hacking incident has hit the parent company of CHI Memorial and is affecting the local hospital.
CHI officials said some patient procedures have had to be rescheduled and some systems taken offline.
A source said CHI Memorial employees on Monday morning were notified of the "internal disaster." The source said it is believed the hack may have come from China.
Hospital officials said, "CHI Memorial’s parent company, CommonSpirit Health, is managing an IT security incident which is impacting some of our facilities. As a precautionary step we have taken certain IT systems offline, which may include electronic health record (EHR) systems and other systems. Our facilities are following existing protocols for system outages and taking steps to minimize the disruption.
"We take our responsibility to ensure the privacy of our patients and IT security very seriously. As a result of this incident, we have rescheduled some patient procedures. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted."
John Anthony Smith, whose Chattanooga-based Conversant Group works to prevent such breaches, said, “I cannot speak to the specific situation at CHI Memorial and CommonSpirit Health; however, my heart is with the IT Professionals, staff members, and executive leadership that are maneuvering these horrific conditions. Threat actors are vicious, and they do not care about the lives they destroy or injure. We, Conversant Group & Fenix24, have faced threat actors in many breaches over our long history, and we understand the pain, damage, and destruction they are capable of. Fenix24 focuses on companies in these situations, like CommonSpirit, to recover from breaches, locate/isolate/eradicate the threat actors, and rebuild/recover systems as needed.
"Unfortunately, most breaches have common causes, and they are largely simple and easily preventable…but, conversely, easily missed. IT Professionals often spend most of their day-to-day “keeping the lights on,” and often do not have the time to make sure every window and door is closed. A carefully orchestrated security management program that evaluates TRUE technical risk is critical. Threat actors do NOT attack an organization’s policies: they attack technical controls and systems orchestration.
"My educated guess is that, like most breaches, this event occurred due to one or more of these common causes:
- Vulnerable / weak / untested recovery systems.
- Poor e-mail filtering defenses.
- Poor credential / identity management or lack of multifactor authentication.
- Limited or poor third party / supply chain management.
- Weak / inadequate endpoint controls.
- Limited or inadequate Security Operation Center services.
- Google Chrome use and/or browser password caching allowed.
- Limited or poor security awareness training.
"Again, my prayers are with those facing many long nights, weeks, and months in recovering from this breach; it isn’t fun. We do this daily; we get in these ditches with our clients - it’s our Good Samaritan value.”