Cyber Incident Victim: St. Margaret's Health - Spring Valley

Date: Feb 2021

Location: United States of America

Summary

St. Margaret's Health - Spring Valley experienced a cyberattack prompting an immediate shutdown of its entire computer network, including email, electronic health records, and web-based operations, forcing a transition to paper documentation and telephone or fax communications. Diagnostic imaging services were diverted to the organization's Peru location while cybersecurity experts investigated the incident, with no established timeline for restoring normal operations; the hospital stated there was no evidence of compromised patient information and emphasized its preparedness through regular downtime drills and existing paper-based contingency protocols.


Description

On February 21, 2021, St. Margaret’s Health – Spring Valley in Illinois discovered a cybersecurity breach, prompting its IT department to initiate an immediate and complete shutdown of the hospital’s computer network. This action disabled all digital operations, including email systems, the electronic health record (EHR) patient portal, and web-based services. In response to the network outage, the hospital diverted diagnostic imaging procedures to its sister facility, St. Margaret’s Health–Peru, to maintain critical patient care services. Operations at the Spring Valley location transitioned entirely to offline methods, with staff reverting to paper medical records and discontinuing electronic workflows. Telephone and fax communications were maintained after being verified as secure channels for continued operations. Hospital administrators confirmed no timeline existed for restoring full system functionality, citing the ongoing nature of the cybersecurity investigation.

The incident triggered a formal investigation by cybersecurity experts to determine the breach’s origin and scope, though hospital officials publicly stated they had not identified how the intrusion occurred. Linda Burt, Vice President of Quality and Community Services, emphasized the hospital’s preparedness for such disruptions, noting regular downtime drills and experience managing system outages during routine updates. Despite the operational disruption, the hospital reported no evidence suggesting unauthorized access to or exfiltration of patient information during the breach. Continuity protocols enabled staff to implement pre-established paper-based processes for clinical and administrative functions while digital systems remained offline. The hospital maintained patient services through manual workflows and inter-facility collaboration, with no public disclosure of specific clinical or financial impacts beyond the imaging diversions and record-keeping adjustments.
