Cyber Incident Victim: Queen Elizabeth Hospital
Date:
Dec 2022
Location:
Barbados
Summary
A cybersecurity incident disrupted operations at Queen Elizabeth Hospital, causing service interruptions across multiple departments including pharmacy, medical records, out-patient clinics, and radiology, with medication delivery suspended and diagnostic services rescheduled. The hospital's IT team collaborated with national agency MIST and external cybersecurity experts to contain the breach, initiate system cleaning, and implement manual workarounds while restoring connectivity through phased recovery efforts. Critical departments like Accident & Emergency remained operational, though with delays, and salary payments experienced temporary disruption before partial restoration alleviated pressure on medical services during the recovery period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Queen Elizabeth Hospital (QEH) in Barbados experienced a cybersecurity incident on December 13, 2022, which disrupted all internet-dependent services. Initial impacts included the suspension of radiology services (CT scans, X-rays, ultrasounds), requiring rescheduling of affected appointments. The hospital’s pharmacy maintained operations but suspended its Medication Delivery Service, necessitating in-person prescription pickups and submissions for refills requested after December 8. Medical Records could not issue new appointment dates electronically, relying on manual logging of patient requests with plans to notify individuals post-restoration. Outpatient clinics remained open but experienced delays, while the Accident & Emergency Department continued operating normally alongside uninterrupted ambulance and blood donation services. The Information Technology Department, Barbados Ministry of Innovation, Science and Technology (MIST), and private cybersecurity experts immediately collaborated to identify the attack source and develop containment strategies. On-site backups preserved critical data continuity during the outage.
By December 16, restoration efforts advanced with IT teams focusing on reestablishing connectivity, promising operational timelines by December 19. Four priority departments were slated for reactivation by December 21 to alleviate strain on Medical Services and Accident & Emergency. Salary payments commenced on December 22 despite ongoing disruptions. The hospital transitioned to phased system restoration in early January 2023, initiating cleaning of infected computer systems. Pharmacy operations continued with adjusted hours and mandatory in-person ID verification for prescription collection, while outpatient clinics urged patients to attend scheduled appointments despite persistent manual processing delays. Medical Records maintained manual logging of appointment requests pending system recovery. Executive Chairman Juliette Bynoe-Sutherland and Chief Operations Officer Dr. Christine Greenidge acknowledged staff efforts in maintaining manual operations and public patience during the prolonged recovery, emphasizing incremental progress toward full service normalization without specifying a definitive resolution date.