
Cyber Incident Victim: Culbertson Memorial Hospital

Date: Mar 2023

Location: United States of America

Summary

Culbertson Memorial Hospital was hit by a cyberattack that caused a network disruption, forcing its information systems to be taken offline. This action disabled access to most functions while an investigation was conducted with the assistance of retained third-party specialists. The full depth of the intrusion was not immediately known, and it was unclear if any patient information was compromised. The organization worked to fully restore critical service systems and implemented upgrades and security improvements to prevent future events.


Description

On March 30, 2023, at 3:00 AM, Culbertson Memorial Hospital in Rushville, Illinois, discovered a significant network disruption. Hospital officials responded immediately by deciding to take the hospital's information systems offline. This defensive measure was implemented to contain the disruption and prevent its potential spread. The action disabled access to most of the hospital's core functions, severely impacting its operational capabilities. The hospital's Chief Executive Officer, Gregg Snyder, stated that this step was necessary to allow for a proper investigation into the suspicious activity detected on their network.

Following the initial detection and containment step, the hospital leadership immediately engaged external expertise. They retained third-party specialists to assist with the forensic investigation and response efforts. The involvement of these specialists was a key component of the hospital's initial response strategy, aimed at understanding the scope and nature of the network intrusion. By the afternoon of March 30, CEO Gregg Snyder issued a public statement confirming the hospital had been the victim of a cybersecurity incident. He acknowledged that the full depth of the intrusion was not yet understood at that early stage, but confirmed that staff were working continuously to determine what had occurred.

In the immediate aftermath of the attack, the hospital's primary operational focus was on restoration and recovery. Director of Community Relations Molly Sorrell stated on March 30 that the immediate goal was to become fully functional by the following Tuesday, April 4. This indicated an initial expectation of a relatively short recovery timeline. However, as the investigation progressed, the complexity of the incident became more apparent. CEO Snyder later provided an updated restoration forecast, stating that while some system functionality had been regained, the hospital expected to have all critical service systems fully restored by April 11, 2023. This extended timeline reflected the challenges involved in securely bringing systems back online.

A major concern throughout the incident was the status of sensitive data. The hospital officially stated that it did not yet know if any patient healthcare information or patient account information had been compromised. This uncertainty was due to the ongoing nature of the forensic investigation, which was working to determine whether the attackers had accessed or exfiltrated any protected data. The potential compromise of patient information remained an open question as the hospital worked to restore its systems.

The cyberattack had a tangible impact on the hospital's daily operations. Taking the information systems offline resulted in the loss of access to most functions. This disruption affected administrative, clinical, and patient accounting systems, hindering the hospital's ability to deliver services in its normal manner. The effort to restore these critical services became the central focus of the organization's activities, requiring significant resources and effort from both internal staff and the retained third-party experts.

As part of the response, Culbertson Memorial Hospital initiated upgrades and security improvements to its IT infrastructure. CEO Snyder stated that these measures were being implemented to help prevent similar events from occurring in the future. These actions represented the beginning of the remediation and hardening phase following the incident. The hospital administration also publicly acknowledged the disruption caused to its employees, patients, and the wider community, expressing appreciation for their patience and understanding during the challenging period of recovery and investigation. The event underscored the vulnerability of healthcare infrastructure to cyber threats and the extensive effort required to investigate, contain, and recover from such an attack.
