Cyberattacks in Arizona, Missouri limit access to community services

Cyberattacks in Arizona and Missouri have limited local resident access to critical services used by thousands of people.

In Arizona, a cyberattack brought down the systems of Mt. Graham Regional Medical Center (MGRMC). The 25-bed hospital in Safford, Arizona, is the primary source of healthcare for both Graham and Greenlee Counties, which have a combined population of about 50,000.

This week, the hospital said it is investigating a cybersecurity incident that is affecting its communication and information systems.

“We are working closely with law enforcement and outside experts to assess the scope and impact of the incident, including whether any patient information was compromised,” MGRMC said on Monday.

“If we determine that patient information was compromised, we will communicate directly with impacted patients. If you are or have been a patient of MGRMC, we recommend you monitor your account statements, stay vigilant about your personal data, and if you feel your information may be compromised, contact law enforcement.”

On Wednesday, the hospital released an update saying it was making progress in bringing systems back online and giving officials access to patient information.

“The disruption, although inconvenient, has had limited impact on patient experience. As a practice, MGRMC has prioritized redundancy and patient information safety in providing excellent care,” the hospital said.

MGRMC is just the latest hospital struck by a cyberattack that limited access to patient information systems and other critical tools used by doctors.

Hospitals in New York, Texas, Florida, Idaho, Michigan, Mississippi, California, Connecticut, Pennsylvania and Rhode Island have had to divert ambulances, revert back to pen and paper, cancel appointments and more after reported cyberattacks this year.

While government and healthcare officials rarely attribute deaths directly to cyberattacks and ransomware incidents, privately many experts inside and outside of government acknowledge that the added minutes and hours that come with ambulance diversions do cost lives.

St. Louis Metro Call-A-Ride Service restored

Critical community services also have been damaged during a cyberattack on a St. Louis public agency. Hackers breached the region’s Metro Call-A-Ride service for people with disabilities.

On Monday, the organization that runs the service published multiple messages on Facebook warning customers that their phone systems and computer network were down. By Tuesday, the organization confirmed that a cyberattack was causing the outages.

“On Monday, Oct. 2, Metro Transit was the target of a cyber attack. We have been focused on protecting and restoring our system and were able to continue to safely run our transit services yesterday,” officials said.

“Normal transit service for MetroLink and MetroBus will continue today, however, because our scheduling software is still being recovered for Metro Call-A-Ride, we are only able to provide life critical appointments today to pre-scheduled dialysis treatments.”

They urged the service’s thousands of users to continue texting their team to make reservations. The reservation platform was restored on Tuesday afternoon and IT officials are still working to bring phone and computer lines back up.

In addition to the Call-A-Ride issues, the call center to purchase tickets for St. Louis’ iconic Gateway Arch was also brought down by the attack.

The organization that runs both services — Bi-State Development — did not respond to requests for comment about whether it was a ransomware attack.

Bi-State Development President Taulby Roach told local news outlet KSDK that the decision to shut down systems protected the network and allowed most transit services to continue running.

Two weeks ago, agencies in St. Louis County were thrown into chaos after a cyberattack. The St. Louis Post Dispatch reported that the county’s Regional Justice Information System — known as REJIS and also used by counties in Kansas and Illinois — suffered an incident that brought the system down, affecting all of the county’s police officers, jails, municipal courts and attorneys.

The county was forced to book and release people from jail using paper records, and county officials wrote on Facebook that all court cases scheduled in St. Louis County Municipal Court were canceled for multiple days.

In April, the local government of a St. Louis suburb was hit with a cyberattack that affected multiple systems.