Cyber Incident Victim: UT Health East Texas
Date:
Nov 2023
Location:
United States of America
Summary
A hospital network in East Texas experienced a cybersecurity incident leading to a network outage, prompting the implementation of downtime procedures and preventing ambulance acceptance at emergency rooms. The organization locked down its systems while investigating the potential security breach and working to restore computer networks, though restoration timelines remained uncertain. This disruption affected operations across 10 hospitals and over 90 clinics, reflecting a broader pattern of similar incidents impacting healthcare facilities nationwide. Federal agencies tasked with assisting critical infrastructure providers did not immediately comment on the event, which coincided with heightened concerns about holiday-period cyberattacks targeting under-resourced healthcare organizations facing rising ransomware threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A potential cybersecurity incident disrupted operations at UT Health East Texas beginning on November 23, 2023, forcing the hospital network to implement emergency protocols. The organization detected a network outage on Thanksgiving Day and initiated lockdown procedures to contain the suspected security breach. This incident prevented all 10 hospitals within the network from accepting ambulance transports to emergency departments, significantly impacting emergency medical services across their East Texas service area. UT Health East Texas activated established downtime procedures to maintain clinical operations while investigating the incident and attempting to restore computer systems. Initial statements indicated an expectation of restoring network functionality within 24-36 hours, though subsequent developments remained unclear as of November 24. The health system, which operates more than 90 clinics and serves thousands of patients annually, maintained limited operations through manual processes typically reserved for system failures. Hospital spokesperson Allison Pollan confirmed the ongoing investigation but declined to provide additional details regarding the nature of the incident or specific response measures when contacted by CNN.
The disruption placed UT Health East Texas among numerous healthcare providers experiencing similar operational crises from cyber incidents during 2023, with at least 209 ransomware attacks reported against US healthcare organizations that year. Federal agencies including the Department of Health and Human Services, Cybersecurity and Infrastructure Security Agency (CISA), and FBI had been alerted to the situation but offered no immediate public commentary. This incident occurred during a holiday period when critical infrastructure operators remain particularly vigilant about cyber threats due to reduced staffing levels. The hospital network's prolonged ambulance diversion mirrored recent cybersecurity incidents affecting healthcare facilities in Connecticut, Florida, Idaho, and Pennsylvania over the preceding nine months. Healthcare organizations continue facing operational vulnerabilities to cyberattacks despite increased federal attention, including CISA's recent release of enhanced cybersecurity guidelines for medical facilities. The UT Health East Texas incident highlighted persistent sector-wide challenges in maintaining cybersecurity defenses against evolving threats.