Cyber Incident Victim: Taylor Regional Hospital
Date:
Jan 2022
Location:
United States of America
Summary
A cyberattack disrupted Taylor Regional Hospital's operations, causing widespread network and phone system outages that forced the institution into electronic health record downtime procedures. Patient care faced significant disruptions, including limited outpatient lab services with reduced hours, restricted walk-in COVID-19 testing availability on a first-come basis, and canceled afternoon outpatient services. Clinicians could not access prior lab results or reference ranges, requiring handwritten documentation and preventing final result validation per accreditation standards. The hospital maintained emergency services for chemo and STAT orders while advising patients to bring current medications and written lab orders to appointments. Temporary phone lines were established for specific departments as restoration efforts continued longer than anticipated, with systems remaining offline during recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack impacted Taylor Regional Hospital (TRH) in Campbellsville, Kentucky, beginning on January 19, 2022, causing widespread system outages. The incident led to network failures, electronic health record (EHR) downtime, and phone line disruptions, forcing the hospital into manual operations. TRH publicly acknowledged the cybersecurity incident on January 24, confirming its systems were down and under investigation while restoration efforts were underway. Critical clinical and administrative functions were affected, including the inability to access patient records, process lab results electronically, or communicate via standard phone channels. Temporary phone numbers were activated for specific departments—including the walk-in clinic, orthopedics, pediatrics, and surgical associates—to maintain limited communication. Patients were instructed to bring current medications and written lab orders to appointments due to the EHR inaccessibility.
The attack significantly disrupted patient care operations. Routine outpatient lab services were restricted to reduced hours (8:00 a.m. to 2:00 p.m. daily), with only chemo and STAT orders accepted outside this window. COVID-19 testing at the walk-in clinic was limited to a two-hour window (10:00 a.m. to 12:00 p.m.) on a first-come, first-served basis, with no scheduling capability and finite test availability. Social media reports indicated outpatient services were canceled after 2:00 p.m. on January 25, and clinicians could not access lab results from prior to the attack or transmit data externally via fax. Lab work had to be documented manually, preventing adherence to accreditation standards for finalized results due to the inability to verify reference ranges. TRH acknowledged the restoration process was taking longer than anticipated, particularly for recovering pre-incident lab data and reestablishing connectivity with external partners like LabCorp. The hospital continued to provide care but warned of extended wait times and operational limitations until systems were fully restored.