Incident Overview
Starting on September 26, 2024, the University Medical Center (UMC) in Lubbock, Texas, faced an IT disruption due to a ransomware attack.
UMC, a critical Level 1 trauma center, identified unusual activity in its systems and promptly disconnected its network to contain the issue. The Texas Tech University Health Sciences Center (TTUHSC) experienced related IT outages, though it has not confirmed if ransomware was involved.
Exposed Data
While the nature of exposed or compromised data remains undisclosed, the attack's effects have severely impacted patient services and operational capacity across affected facilities.
Impact and Response
UMC confirmed the ransomware attack, taking immediate action to limit its systems' functionality to contain the breach.
TTUHSC reported limited clinical operations and academic disruptions, with campus-specific outages and unreachable websites, affecting communication with patients and students.
Covenant Health System, the only unaffected facility in Lubbock, reported higher patient volumes and extended emergency wait times of up to 8 hours as they absorbed patient overflow.
Risks Identified
- Patient Care Delays: Service limitations at UMC and TTUHSC pose risks for emergency response and patient care across West Texas.
- Operational Strain: Increased patient volume at Covenant Health creates additional challenges and extended wait times for emergency services.
Recommendations
This incident highlights the importance of cybersecurity in healthcare and the critical need for rapid response and containment measures.
Healthcare providers should ensure robust data backup and network isolation strategies to minimize disruptions in patient care in the event of future attacks.
