Cyber Incident Victim: East Tennessee Children's Hospital

On March 13, 2022, East Tennessee Children’s Hospital (ETCH) experienced an information technology security issue that disrupted normal operations. The hospital promptly acknowledged the incident through a website notice, emphasizing patient safety as its top priority while confirming continued ability to provide care. ETCH activated cyber forensics teams and engaged external agencies to investigate and resolve the issue, describing the response as active and ongoing. By March 14, the hospital announced via Facebook that X-Ray services would be unavailable at all Children’s Hospital Urgent Care Centers for the remainder of the night, indicating specific diagnostic service interruptions. The following day, ETCH directed patients of its Developmental Behavioral Center to call the facility directly for scheduled appointments, revealing that the center lacked access to emails sent after the previous Friday afternoon, suggesting email system compromises or communication platform outages.

CEO Matthew Schaefer issued a public statement on March 15 reaffirming ETCH’s operational capacity to treat patients despite the ongoing IT disruptions. The hospital reiterated its reliance on established contingency processes to maintain safe and effective care delivery, urging families not to delay seeking medical services. Throughout the incident, ETCH provided regular updates via its website and Facebook page, maintaining transparency about service limitations while acknowledging community patience. Forensic investigations and mitigation efforts continued without public disclosure of root causes or threat actor details. The hospital did not confirm whether patient data was exposed during the incident. ETCH concluded its communications by thanking staff and the community for their support, pledging further updates as the situation evolved, though no resolution timeline or full restoration details were provided in the available reports.