Ransomware Attack Key Factor in Decision to Close Rural Illinois Hospital
Ransomware attacks can cause healthcare facilities to temporarily close and small healthcare practices have made the decision not to reopen after a ransomware attack, but hospitals and health systems are usually financially resilient enough to remediate the attacks and recover, but not St. Margaret’s Health. Like many rural hospitals and health systems, St. Margaret’s Health has been struggling to maintain operations in the face of increasing financial pressures, then fell victim to a ransomware attack that sent it into a downward financial spiral. The attack, in combination with several other factors, resulted in the decision to permanently close its 44-bed Spring Valley location in Illinois. St Margaret’s Health also operates a 49-bed hospital in Peru, IL, which was under a temporary suspension that was announced in January this year. All operations at the two hospitals will permanently end on Friday, June 16, 2023.
The Sisters of Mary of the Presentation founded St. Margaret’s Health in 1903, and in 2021, St. Margaret’s Hospital – Spring Valley and Illinois Valley Community Hospital (IVCH) in Peru consolidated their operations and formed a regional health network run by the SMP Health ministry, with IVCH changing its name to St. Margaret’s Hospital – Peru. St. Margaret’s Health tried to integrate the new hospital into St. Margaret’s Health so that the two hospitals and their associated clinics could continue to provide catholic healthcare in the Illinois valley, but the challenges proved too great. Like many rural hospitals, St. Margaret’s Health has faced increasing financial pressures in recent years, and the COVID-19 pandemic, continuing staff shortages, and the ransomware attack on St. Margaret’s Hospital – Spring Valley’s computer systems in February 2021 proved too much and made it impossible to sustain its ministry. The ransomware attack itself did not trigger the closure, but it did play a key part in the decision to close. The ransomware attack prevented the hospital from submitting claims to insurers, Medicare, and Medicaid for months, piling even more financial pressure on the already struggling St. Margaret’s Health.
Suzanne Stahl, chair of SMP Health, said St. Margaret’s Health has signed a non-binding letter of intent with OSF Healthcare to acquire the Peru campus and related ambulatory facilities, and the proceeds of the sale will be used to pay off a portion of St. Margaret’s debts and will help to ensure that catholic-based healthcare will continue to be provided in the Illinois valley and the surrounding areas. The transition will take some time, and while OSF Healthcare is working to accomplish the purchase as quickly as possible, it is not able to provide a time frame for when care will resume. “The hospital closure will have a profound impact on the well-being of our community. This will be a challenging transition for many residents who rely on our hospital for quality healthcare,” said Melanie Malooley-Thompson, Mayor of Spring Valley. The closure will mean that patients will be forced to travel much further for emergency room and obstetrics services.
Longstanding pressures on rural hospitals resulted in 136 rural hospital closures between 2010 and 2021, according to a 2022 report from the American Hospital Association, including 19 closures in 2020 alone. Rural hospitals typically have low reimbursement, staff shortages, and low patient volumes, and also had to deal with the COVID-19 pandemic. Cyberattacks are enough to send them over the edge.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Tragically, this is unlikely to be the last ransomware attack that proves too much for a rural hospital. Increasing financial pressure limits the ability of rural hospitals to invest in cybersecurity and they also struggle to attract and retain skilled cybersecurity staff. That makes rural hospitals an easy target for ransomware gangs, which are increasingly targeting these healthcare facilities. Even when rural hospitals are not specifically targeted, they can still fall victim to non-targeted attacks due to the lack of appropriate cybersecurity.