Cyber Incident Victim: Johnson Memorial Health
Date:
Oct 2021
Location:
United States of America
Summary
Johnson Memorial Health experienced a cyberattack prompting electronic health record downtime procedures and network shutdown. The health system collaborated with cybersecurity experts and law enforcement to investigate and restore operations, anticipating prolonged recovery due to the incident's complexity. Patient services continued using established contingency plans, though registration delays necessitated earlier arrival times for appointments. This incident occurred amid a series of attacks targeting Indiana healthcare providers, causing operational disruptions and data breaches at multiple facilities without canceling scheduled care.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 2, 2021, Johnson Memorial Health experienced a cyberattack that disrupted its computer network, prompting the Indiana-based health system to implement electronic health record downtime procedures. The organization, which operates primary care sites, specialist offices, and facilities across three counties, disabled its network upon detecting the intrusion. Response teams collaborated with external cybersecurity partners and the FBI to investigate the incident. Restoration efforts faced significant challenges due to the attack's complexity, with officials anticipating several days before full system recovery. Despite operational disruptions, no patient appointments or surgeries were canceled, though registration processes required additional time, leading officials to advise patients to arrive earlier than scheduled for appointments. Existing recovery protocols enabled most clinical services to continue uninterrupted through manual documentation methods.
The incident occurred amid a surge in cyberattacks targeting Indiana healthcare providers, including Schneck Medical Center, which entered EHR downtime on September 29 after a separate network compromise. Both organizations maintained critical patient services using paper-based workflows while working with third-party security firms to restore systems and strengthen IT protocols. Johnson Memorial emphasized its substantial prior investments in cybersecurity and commitment to maintaining care standards during the outage. Concurrent COVID-19 case increases in the region compounded operational pressures, with Schneck temporarily postponing non-emergent inpatient surgeries deemed safe to delay. Phone system interruptions persisted at Schneck throughout the weekend following their attack, as noted in social media updates. This series of incidents followed an August 2021 breach at Eskenazi Health involving data theft and affected more than a dozen providers nationally within the same month, predominantly impacting rural and nonprofit healthcare organizations.