Cyber Incident Victim: Indiana Health System
Date: Oct 2021
Location: United States of America
Summary
A cyberattack disrupted Johnson Memorial Health's computer network, prompting the health system to implement electronic health record downtime procedures and disable affected systems. Clinicians had to rely on manual processes like pen-and-paper documentation while the health system worked with cybersecurity partners and the FBI to restore operations. Patient services largely continued without cancellations, though registration delays necessitated earlier arrival times for appointments. This marked the second such attack against an Indiana healthcare provider within days, following another nearby hospital's network outage that similarly required EHR contingency measures. Officials emphasized ongoing efforts to resolve intermittent technical issues while maintaining care delivery, and noted that the health system had invested in cybersecurity preparedness before the incident amid rising sector-wide threats targeting healthcare organizations.
Description
Johnson Memorial Health experienced a cyberattack on October 2, 2021, forcing the Indiana-based health system to implement electronic health record downtime procedures across its network of primary care sites, specialist offices, and facilities spanning three counties. Upon detecting the intrusion, the organization immediately disabled its computer network to contain the threat. The incident response team collaborated with external cybersecurity partners and the FBI to investigate the attack's scope and origin. Restoration efforts faced significant challenges due to the attack's complexity, with officials warning that full system recovery might require several days. Despite operational disruptions, no patient appointments or surgeries were canceled, though registration delays prompted advisories for patients to arrive earlier than scheduled. The health system maintained clinical services using established contingency protocols, with most operations continuing uninterrupted through manual processes.

This incident marked the second major cyberattack against an Indiana healthcare provider within a week, following a September 29 breach at Schneck Medical Center that similarly forced EHR downtime procedures. Both attacks occurred during a regional COVID-19 surge that had already strained hospital resources, leading Schneck to temporarily postpone certain non-emergent inpatient surgeries deemed safe to delay. Schneck's recovery efforts involved third-party security consultants working to restore systems and strengthen IT protocols while clinicians maintained services through pen-and-paper documentation. The provider continued experiencing intermittent phone system disruptions several days post-incident. These attacks followed an August data breach at Eskenazi Health involving theft of patient and employee information, part of a broader pattern affecting over a dozen providers—particularly nonprofit and rural healthcare organizations—within the preceding month. Officials emphasized ransomware and network disruption attacks as critical threats to patient safety while maintaining clinical operations through emergency protocols.
