Cyber Incident Victim: Idaho Falls Community Hospital
Date: May 2023
Location: United States of America
Summary
Mountain View Hospital experienced a cybersecurity incident that required its IT systems to be proactively taken offline to ensure stability and security. The hospital remained operational, safely caring for patients and continuing scheduled surgeries, though some clinics were temporarily closed and workflows were adjusted. Billing operations were paused with assurances of no late fees, and the organization worked with cybersecurity experts to restore systems and bring all departments back to full operational capacity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of Monday, May 29, 2023, Mountain View Hospital and Idaho Falls Community Hospital, along with their partner clinics, experienced a cyberattack on their computer systems. The IT team at Mountain View Hospital identified the threat quickly and took immediate action to limit the impacts of the attack. As soon as the cybersecurity incident was detected, the organization proactively took its systems offline to ensure the stability and security of its IT environment. Law enforcement was notified, and an investigation was launched with the help of cybersecurity experts. The teams began working diligently to recover from the incident and understand its full extent and scope.

The immediate operational impacts were significant but managed. Both hospitals remained open and continued to safely care for all patients. Surgeries continued as scheduled, and the emergency department remained operational. However, Idaho Falls Community Hospital initiated ambulance diversions to nearby hospitals as a precautionary measure. A number of partner clinics were forced to close temporarily, and normal workflows were altered. The hospital communicated that patients would be contacted directly by their provider if their appointments needed to be rescheduled. For those who did not receive a call, appointments were to be attended as scheduled. The attack also affected non-clinical operations; the on-site cafés, Cornerstone Café and Higher Grounds, could only accept cash payments due to the IT system outages.
By Tuesday, May 30, the hospitals and clinics were still working around the clock to resolve the issue. The commitment to patient well-being was reiterated as the top priority. Team members, especially the IT staff, were acknowledged for their efforts in limiting the impacts on patients. The community, including local businesses and surrounding healthcare facilities, offered support and encouragement to the organization during this time.
An update on Wednesday, May 31, confirmed that the organizations were still working to fully recover from the cyberattack. The vast majority of clinics were seeing patients as usual, but the full recovery process was ongoing. The investigation into the scope of the incident continued with the assistance of leading cybersecurity experts who were engaged to help understand the event and assist in the recovery efforts.
By Friday, June 2, the hospital provided a more detailed update, characterizing the event as a cybersecurity incident on its IT systems. The proactive measure of taking systems offline was reaffirmed as a step to ensure the security of its IT environment. The investigation was ongoing, with teams working to bring systems back online as quickly and safely as possible. The hospital apologized for any inconvenience or delays experienced by the community and stated that, through the investigation, it was looking for opportunities to further enhance its existing security measures.
On Monday, June 5, Mountain View Hospital and its partner clinics assured the community they remained open for patients. Over the preceding weekend, the team of cybersecurity experts had furthered their work to understand the scope of the incident. Progress was being made, but diligent work continued to bring the systems back online. The community's patience and support were appreciated.
Steady progress was reported on Thursday, June 8. Working with top national cybersecurity experts, the recovery efforts were advancing. A significant development was that Teton Cancer Institute had restored certain operations, allowing it to care for more of its patients each day. This included the continuation of critical treatments like radiation therapy and chemotherapy. The goal remained to bring Teton Cancer Institute and all partner clinics back to full operational capacity. Teams throughout both hospitals and the partner clinics continued to provide necessary patient treatment.
By the afternoon of Friday, June 9, the hospital shared that there was more work to be done but highlighted the progress achieved. With the help of cybersecurity experts, the organization was getting closer to bringing departments across all facilities to full operational capacity. While a definitive timeline for full restoration could not be provided, the community was assured that work was proceeding as quickly and safely as possible. All clinics, except for Redicare, were open and seeing patients. Redicare was scheduled to reopen in the coming days. The hospital addressed community questions about billing, confirming that billing was on hold and that, once normal operations resumed, there would be no penalties for late payments and no accounts sent to collections due to a lack of payment. The team's hard work and commitment were thanked, as was the community's support.
On Tuesday, June 13, Mountain View Hospital shared that all partner clinics were back open and caring for patients, with Redicare having reopened for the community on Sunday, June 11. The hospital stated it would continue to provide further updates as information became available.
A final update on Wednesday, June 14, reminded patients that billing was still on hold. The hospital committed to moving due dates back once normal billing operations resumed to give patients plenty of time to pay their bills. It guaranteed that no late fees or interest would be added to bills and that no accounts would be sent to collections due to a lack of payment during this period. Contact numbers for the billing department were provided for patients who needed to reach them.
The incident caused significant disruption to hospital and clinic IT systems, necessitating a multi-week recovery effort with external cybersecurity support. Patient care was maintained through adjusted operations, but billing and payment systems were suspended for the duration of the incident and its immediate aftermath. The investigation into the incident's cause and scope continued throughout the response period.
