Cyber Incident Victim: Clay County
Date:
Nov 2023
Location:
United States of America
Summary
A cybersecurity incident disrupted operations at Liberty Hospital, forcing reliance on paper charts and manual record-keeping amid prolonged system downtime. Staff expressed concerns over patient safety risks, citing lost prescriptions, inconsistent diagnoses, and challenges maintaining accurate records due to non-functional computer systems. The hospital acknowledged implementing higher nursing ratios and incremental system restorations, but employees anonymously reported ongoing risks to patient care. Patients observed increased paperwork but described operations as outwardly normal. Experts warned that compromised systems could expose medical histories and financial data, though the hospital did not confirm data breaches. The incident reflects broader healthcare sector vulnerabilities to cyberattacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A cyber security incident impacted Liberty Hospital in Liberty, Missouri, beginning on or around November 17, 2023, and remained unresolved as of December 1, 2023. The hospital transitioned to paper-based patient charting and manual record-keeping after computer systems became non-functional, with staff reporting persistent technical disruptions nearly two weeks into the incident. Employees anonymously disclosed operational challenges, including lost prescription records, conflicting diagnostic documentation, and difficulty maintaining accurate patient information due to the absence of digital systems. Nurses expressed concerns that prolonged reliance on manual processes created risks to patient safety, with one stating some patients were in "serious jeopardy" due to inconsistencies in medical records. Patients observed increased paperwork during visits but described operations as outwardly normal, with one noting staff documented medical histories manually while awaiting system restoration. Hospital administration acknowledged the incident but did not specify its origin, duration, or full technical scope, describing it as part of broader cybersecurity challenges facing healthcare organizations.
Liberty Hospital implemented emergency protocols including elevated nursing staff-to-patient ratios to mitigate care disruptions, asserting staff were trained for such contingencies. Daily progress was reported in restoring systems, though no definitive recovery timeline was provided. Cybersecurity experts warned the incident potentially exposed sensitive patient data, including medical records and financial information such as insurance details or payment methods. The hospital did not confirm whether data exfiltration occurred or specify which systems remained offline. Industry context indicated the attack aligned with a surge in healthcare sector cyber incidents, with over 1,600 recorded attacks against medical organizations in 2023. While patients described functional care delivery, internal staff maintained the extended duration of manual operations introduced significant clinical risks, particularly regarding medication administration and diagnostic consistency.