For St. Margaret’s Health (SMH) in rural Illinois, the ransomware attack was the last straw. SMH closed its two hospitals in Peru and Spring Valley on June 16, and cited a recent cyberattack as one of the causes. The Catholic hospitals were about 4 miles apart and served a rural community along the Illinois River, about an hour and a half southwest of Chicago.
The closing was explained by Sister Suzanne Stahl, director Provincial at Sisters of Mary of the Presentation in a Facebook video in May:
“Due to a number of factors such as the COVID-19 pandemic, the cyberattack on the computer system on St. Margaret’s Health and a shortage of staff, it has become impossible to sustain our ministry. This saddens us greatly.” (italics added for emphasis)
A notice on the St. Margaret’s Health website says “SMH Peru and Spring Valley will be closing all current operations as of Friday, June 16, 2023 at 11:59 P.M. This includes the Hospital, Clinics and other facilities at both locations. Patients needing emergency care should call 911.
The ransomware attack in 2021 interrupted the hospital’s ability to submit claims to insurers, Medicare or Medicaid for months, sending it into a financial spiral, according to Linda Burt, the hospital’s vice president of quality and community services, in an interview with NBC News.
St. Margaret’s is not alone. Rural hospitals across the country are struggling and many others are closing, according to a recent report from the American Hospital Association (AHA). The report describes a variety of causes, including low reimbursement, staffing shortages, low patient volume and continued financial challenges from the COVID-19 pandemic.
Regardless of the cause, the outcome is devastating for patients who need access to care. The closest hospital now is at least 30 minutes away. Although SMH entered an agreement with OSF Health to buy and restart service at the Peru location, OSF is unable to confirm when service might start.
HIPAA Risk Management Fights Ransomware
The best defense against cybercrime is a robust HIPAA risk analysis and risk management program. The Security Rule Checklist, as part of an annual Risk Analysis will uncover threats and vulnerabilities and offer guidance to reduce those threats.
HIPAA compliance is not expensive or complicated. Healthcare organizations facing financial challenges can strengthen cybersecurity and follow a risk management plan to prevent ransomware from delivering a fatal blow.