Hospital Sisters Health System President and CEO Damond Boatwright, in an online video posted Friday night, confirmed the outage that brought down internal systems, including communications, was the result of a "cybersecurity incident."
"Trust and transparency are foundational to HSHS and how we provide care and our ministries," Boatwright said as he provided limited details.
"Early Sunday morning, we began experiencing a system-wide technical outage that impacted our hospital and clinic operations," he said. Boatwright indicated clinicians implemented "system downtime procedures" they are trained to follow in such instances.
"We were able to remain operational and continue to provide care," he added. Boatwright also thanked the community for patience and understanding as they work to fully restore phone service and online tools.
"Based on our findings, we can confirm this was the result of a cybersecurity incident. Our investigation into the scope and impact of the incident is ongoing," he said.
The outage has left many patients unable to contact area hospitals, such as St. John's in Springfield, St. Mary's in Decatur and St. Francis in Litchfield, as well as local clinics and other affiliated medical professionals. Some patients have had to reschedule their care. HSHS has 15 affiliated hospitals and various clinics across Illinois and Wisconsin.
"We’re receiving assistance from third party experts and we’re also working with law enforcement. We have deployed additional security measures to safeguard our systems and we have not detected any further unauthorized access in our IT environment," Boatwright said.
While no details were given as to what, if any, personal information might have been breached, HSHS posted an online warning Friday that some patients were being contacted regarding payment owed the medical group.
"At this time, we are not collecting payments from any patients for outstanding bills. We will notify you when billing processes are back up and running," said HSHS.
It recommended not responding, but saving the messages and sending them for further investigation to the email address scam@hshs.org.
"We will share more information as we are able," Boatwright said in the video message. "But there will be information we wont be able to share publicly to protect systems and privacy of patients."
As of this weekend, he said progress is being made and many critical systems are back online, while internal communications such as email and messaging is also being restored.
"Your patience and understanding mean the world to us. Please know our top priority is protecting patient safety and supporting our colleagues so they can take care of the patients we serve," said Boatwright.
HSHS is providing updates at this website.
