Cyber Incident Victim: Nebraska Medicine

Nebraska Medicine experienced a significant information technology system downtime event beginning the week of August 24, 2020, later confirmed on September 25 to have resulted from a cybersecurity attack. The disruption caused operational challenges across the healthcare system, forcing the postponement of numerous patient appointments throughout the affected week. The organization prioritized critical appointments and surgeries essential to patient health and wellbeing, continuing to see those patients using standardized manual processes to record and transmit clinical information. Elective procedures and non-critical appointments were systematically rescheduled, with the institution issuing apologies for the inconvenience caused by these necessary adjustments. Nebraska Medicine maintained full emergency department operations without diverting any patients, ensuring uninterrupted access to urgent care services despite the widespread IT outage.

The healthcare provider immediately notified law enforcement agencies upon identifying the cyber attack and activated pre-established contingency plans designed for such IT system disruptions. These protocols included staff training components that facilitated the transition to alternative workflows during the outage. Clinical teams relied on manual documentation methods to sustain patient care delivery while IT systems remained inaccessible. The incident caused substantial scheduling disruptions across multiple days, reflecting the attack's impact on core operational systems. Nebraska Medicine's public statement emphasized their focus on maintaining critical healthcare services while working to restore normal operations, though the specific duration of full system recovery and technical details of the attack vector were not publicly disclosed. No patient data compromise was mentioned in the initial confirmation of the security event.