Cyber Incident Victim: Southern Ohio Medical Center
Date: Nov 2021
Location: United States of America
Summary
A cyberattack disrupted Southern Ohio Medical Center's computer systems, leading to widespread operational issues including canceled outpatient appointments and disabled phone lines. The hospital confirmed server compromises via social media, though inpatient services reportedly remained functional. Emergency response measures were implemented, including ambulance diversions, while system restoration efforts continued. The incident caused significant service interruptions for scheduled patient care across affected facilities.
Description
On November 11, 2021, Southern Ohio Medical Center (SOMC) experienced a disruptive cyber incident that forced the cancellation of patient appointments and compromised critical operational systems. The attack became apparent when patients arriving for scheduled outpatient services received emergency notifications that their appointments were canceled due to unforeseen circumstances. Concurrently, internal computer systems and telephone lines became inaccessible across SOMC facilities, preventing normal clinical operations and administrative functions. Hospital staff could not access electronic records or coordinate care through digital platforms. Public speculation about a cyberattack emerged rapidly as the facility’s technological infrastructure remained offline. SOMC later confirmed through its official social media channels that unauthorized actors had breached its computer servers, characterizing the event as a malicious hack. While emergency inpatient care continued without interruption, outpatient services faced significant disruptions, with some departments unable to reschedule appointments immediately. The hospital implemented ambulance diversion protocols to redirect emergency medical transports to other facilities, reducing strain on compromised systems.

The cyberattack triggered operational contingency measures as SOMC worked to contain the incident’s impact. Administrative personnel shifted to manual documentation processes to maintain basic patient care standards during the system outage. Public communications remained limited to social media updates, with no detailed technical explanation of the breach’s scope or the attackers’ methods provided during the initial response phase. Service interruptions primarily affected non-critical outpatient departments, though the duration of cancellations and system restoration timelines were not publicly disclosed. The hospital’s network infrastructure, including servers supporting electronic health records and communication systems, was confirmed as the primary target of the intrusion. Based on available statements, there was no evidence that patient data exfiltration or ransomware deployment was involved in the incident. SOMC’s incident management approach prioritized maintaining emergency medical services while addressing technological failures caused by the server compromise.
