Cyber Incident Victim: Community Health Northwest Florida
Date:
Dec 2024
Location:
United States of America
Summary
Community Health Northwest Florida experienced a cyberattack that disrupted phone, internet, and server systems, necessitating a shift to paper records and mobile devices for operational continuity. The organization has since fully restored its communication infrastructure, enabling patients to resume standard appointment scheduling and prescription services through original clinic channels, while maintaining a temporary hotline as a precautionary backup measure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 24, 2024, Community Health Northwest Florida experienced a cyberattack that disrupted critical communication infrastructure, including phone systems, internet connectivity, and computer servers. The incident forced the healthcare organization to suspend normal digital operations and implement manual workarounds to sustain patient care services. Staff transitioned to paper-based medical records for documentation and relied on personal cell phones to coordinate internal communications and external patient interactions. This operational shift occurred during the Christmas holiday period, potentially compounding logistical challenges due to reduced staffing levels typical of seasonal schedules. The attack’s immediate impact prevented patients from using standard channels to schedule appointments or request prescription refills, though the organization maintained clinical operations through alternative methods. No details were disclosed regarding the attack’s origin, specific malware involved, or whether patient data was accessed or exfiltrated during the incident.
By January 1, 2025, Community Health Northwest Florida completed restoration of all affected systems, enabling full resumption of standard communication protocols. Patients regained the ability to contact clinics through the organization’s primary phone number for appointment scheduling and prescription management. Despite system recovery, the healthcare provider maintained a temporary hotline as a contingency measure to ensure uninterrupted patient access should residual issues emerge. The cyberattack’s operational consequences remained confined to communication and administrative systems, with no reported disruptions to clinical care delivery or emergency services throughout the incident. The organization did not publicly disclose whether law enforcement or third-party cybersecurity firms assisted in the investigation or recovery process, nor did it specify any long-term modifications to its IT infrastructure following the event.