MercyOne Central Iowa is mostly back online in the aftermath of a ransomware attack of its parent company, CommonSpirit Health.
The Des Moines-based Catholic medical group, which is part of the MercyOne health system, announced that all its hospital and clinic systems, payroll platform and patient records are back online.
The medical group noted it is still dealing with some issues stemming from the cybersecurity breach, though it is still providing high quality care to its patients, it said. Patients are currently not able to schedule appointments online in Central Iowa.
“Patients can be assured that MercyOne is able to serve all health care needs with some disruption to normal operations,” the group said Nov. 1.
MercyOne also offered footage of how the health system has had to pull together to address the cybersecurity attack and still care for its patients.
CommonSpirit Health is one of the largest health systems in the United States and the second-largest nonprofit hospital chain, operating 142 hospitals and more than 2,200 care centers across 21 states. The cyberattack impacted electronic health records (EHRs), which were taken offline, as well as patient portals.
The attack comes as healthcare organizations are one the top industries being targeted by cybercriminals due to the vast amount of high-value, personal information they hold. Healthcare data breaches are extremely expensive, costing an average of $10 million, according to one recent study. In addition, healthcare breaches can impact how patients feel about their healthcare organizations and lose trust.