Ohio medical center offline following another security incident in the health sector

It's the second time in a week that a cybersecurity incident has disrupted IT networks at a U.S. hospital.
(Getty Images)

A cybersecurity incident has forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients.

A statement Tuesday from the Ashtabula County Medical Center, which includes a hospital of more than 200 beds, said the emergency department remains open and that outpatient care has continued as outside security experts investigate the disruption.

The medical center did not specify the cause of the security incident, though Wired reported that ransomware was the cause. A spokesperson for the medical center did not respond to a request for comment Tuesday. NBC News first reported on the medical center’s statement.

The disruption at Ashtabula County Medical Center comes as Universal Health Services, which describes itself as one of the largest health care providers in the U.S. grapples with a suspected ransomware attack.


In what has become a familiar refrain in health care organizations’ response to cyberattacks, the Ashtabula County Medical Center said it was implementing back-up plans for operating and that patient data didn’t appear to be compromised. “The safety of our patients and caregivers is always our highest priority and has not been affected by this disruption,” said Michael Habowski, the medical center’s CEO.

The growing dependence of health care facilities on information technology, along with the strain on resources due to the coronavirus pandemic, have made the sector vulnerable to criminal hacking. Earlier this month, a patient in Germany died after being turned away from a hospital that was hit by another ransomware attack.

Allan Liska, a ransomware specialist at threat-intelligence firm Recorded Future, counted more than 70 publicly reported ransomware attacks on health care providers this year — more than in all of 2019.

“Ransomware actors go after health care providers because they are easy, and profitable, targets,” Liska told CyberScoop. “While there are some ransomware groups that won’t target hospitals, most prefer the money and don’t care about the consequences.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts