Cyber Incident Victim: Liberty Hospital
Date:
Nov 2023
Location:
United States of America
Summary
Liberty Hospital experienced a cyber security incident causing prolonged system downtime, necessitating a shift to paper-based patient records and manual processes. Staff expressed concerns about patient safety due to challenges in maintaining accurate medical documentation, including lost prescriptions and inconsistent diagnosis records, while hospital administration emphasized enhanced nursing ratios and incremental progress restoring systems. Patients reported normal operations despite visible reliance on paperwork, though cybersecurity experts warned of potential exposure of sensitive medical and financial data. The hospital declined to specify a recovery timeline but acknowledged the broader trend of healthcare sector cyberattacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around November 17, 2023, Liberty Hospital in Liberty, Missouri, experienced a cyber security incident that disrupted its computer systems for nearly two weeks, with recovery timelines remaining uncertain as of early December. The hospital activated downtime procedures, shifting clinical operations to paper-based documentation systems across inpatient areas. Staff relied on handwritten patient charts for medical histories, prescriptions, and diagnoses, leading to operational challenges including potential inconsistencies in records. Multiple anonymous employees reported difficulties tracking patient information accurately, citing instances of lost prescriptions or conflicting diagnostic records due to the lack of digital systems. Liberty Hospital administration emphasized adherence to pre-established downtime protocols and increased nursing staff ratios to mitigate risks, assigning additional nurses and support personnel per patient. Patient Michelle Manuel confirmed heightened staffing levels during her stay, while the hospital stated it was making daily progress restoring systems but provided no specific restoration deadline. External cybersecurity experts, including Check Point Software’s Cyndi Carter, highlighted risks to patient data security, noting that compromised systems could expose medical records and financial information such as insurance or payment details.
The prolonged outage intensified internal concerns among clinical staff, who anonymously expressed fears that patient safety faced “serious jeopardy” due to persistent system failures. Nurses reported widespread computer inoperability, forcing manual reconciliation of medical data across paper records, which they described as error-prone under emergency conditions. Patients like Margie Kinslow observed continued reliance on paperwork during visits but noted outwardly normal operations, with staff discussing ongoing recovery efforts. Liberty Hospital declined to specify the attack’s origin, scope, or whether data exfiltration occurred, framing the incident as part of a broader trend targeting healthcare providers. Check Point Software data cited in the hospital’s statement indicated over 1,600 cyber attacks against the healthcare sector in 2023 alone. While the hospital assured progress in restoring capabilities, it acknowledged the complexity of full recovery without committing to a resolution date, leaving staff and patients navigating manual workflows indefinitely.