Cyber Incident Victim: Tallahassee Memorial HealthCare
Date:
Feb 2023
Location:
United States of America
Summary
Tallahassee Memorial HealthCare experienced a cybersecurity incident involving unauthorized IT system access, prompting proactive shutdowns of affected systems and activation of downtime protocols. Non-emergency appointments, surgeries, and outpatient procedures were rescheduled, while EMS diversions were implemented except for critical trauma cases within the immediate service area. Patient care continued under contingency measures, with law enforcement notified and engaged in the ongoing investigation. The disruption led to operational delays, though systems were prioritized for gradual restoration without a confirmed recovery timeline. Media reports suggested potential ransomware involvement, aligning with broader trends of healthcare sector targeting by cybercriminal groups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Tallahassee Memorial HealthCare (TMH) experienced an IT security incident beginning late on February 2, 2023, which prompted the organization to take its IT systems offline as a precautionary measure. The hospital's IT department detected the issue early and proactively initiated system-wide downtime protocols to limit operational disruption. This action led to the immediate suspension of all non-emergency surgical procedures, outpatient appointments, and the rescheduling of affected patient services. TMH implemented emergency care contingency plans, maintaining capacity to treat existing hospitalized patients while diverting incoming EMS transports except for Level 1 trauma cases originating within its immediate service area. Hospital administrators notified law enforcement authorities upon discovering the breach and collaborated with investigative agencies throughout the response. Patient safety remained the institution's declared priority during the outage, with clinical staff relying on established manual protocols for patient care documentation and coordination.
The cybersecurity event significantly disrupted hospital operations, requiring the cancellation of non-essential medical services and causing appointment rescheduling across affiliated care facilities. TMH personnel conducted system-wide evaluations to prioritize restoration efforts, bringing individual IT components back online sequentially without establishing a public recovery timeline. Media reports citing unnamed sources characterized the incident as a suspected ransomware attack, though hospital officials did not confirm this attribution publicly. Federal advisories referenced in subsequent analysis noted increased ransomware targeting of healthcare organizations throughout 2022, with groups including Royal, Venus, Maui, Zeppelin, and Daixin Team specifically highlighted as threats to the health sector. This marked the second suspected ransomware incident affecting U.S. hospitals in early 2023, following an attack on Atlantic General Hospital in Maryland. TMH maintained communication updates through its website and social media channels while continuing to operate under modified care protocols until full system restoration.