Cyber Incident Victim: Singing River Health System

Singing River Health System detected unusual activity within its network over the weekend of August 19, 2023. This suspicious activity prompted the organization to take decisive action, leading to the shutdown of certain internal systems as a precautionary measure. The health system subsequently confirmed that the unusual activity was indeed a cyberattack, though the specific nature or variant of the attack was not immediately disclosed in the initial announcements. The confirmation of the incident as a malicious cyber event marked the beginning of a significant disruption to the organization's normal operational procedures. In response to the attack, Singing River implemented its downtime protocols, which are designed to maintain patient care services when electronic systems are unavailable. This meant that all computers at every Singing River hospital and clinic were taken offline and remained shut down as of Monday, August 21st. The immediate impact on clinical staff was substantial, forcing them to revert to manual, paper-based documentation for patient records and care activities.

The clinical teams worked collaboratively to ensure patients continued to receive the high quality of care expected from the health system. Patient care was consistently stated as the top priority throughout the incident, and existing protocols were activated to support this goal. Despite the system-wide computer outage, the health system continued to see patients, though some delays were anticipated. Interim CEO Laurin St. Pe acknowledged that physicians might need to make decisions regarding the postponement of elective procedures based on the circumstances created by the IT outage. The collective effort of physicians, providers, and support staff was described as a team pulling together to navigate the challenges posed by the cyberattack. The dedication of the staff was a key factor in mitigating the immediate impact on patient services and maintaining operational continuity under exceptionally difficult conditions.

An investigation into the cyberattack was launched immediately upon detection of the incident. Singing River engaged third-party forensic specialists to assist in the investigation and worked in conjunction with law enforcement authorities. The primary objectives of the investigation were to understand the full scope and impact of the attack, determine which network systems had been compromised or damaged, and identify the perpetrators behind the incident. As of August 21st, the health system did not yet know who was responsible for the cyberattack or when it would be safe to restore computer systems. The process of forensic analysis was described as meticulous and time-consuming due to the complex nature of such cybersecurity incidents. The internal IT security team at Singing River was reported to be working around the clock to address the situation and support the external investigation.

The health system committed to providing ongoing updates to the public as significant developments emerged from the investigation. Communication with patients and the community was managed through official announcements and a dedicated Frequently Asked Questions section on the Singing River website. For patients with specific questions or concerns about the cyberattack, the health system established a secure communication channel, directing them to submit inquiries via a secure link on the website. This approach was intended to manage the flow of information and provide accurate details while the investigation was still in its early stages. The organization emphasized its diligence in working through the investigation and its focus on obtaining definitive information regarding system availability and a restoration timeline. The overarching message was one of resilience and a steadfast commitment to patient care despite the severe technical challenges presented by the cyberattack.