NewsLocal NewsInvestigations


Timeline gives insight into cybersecurity breach at West Palm Beach hospital

Unclear if patient information was impacted
Posted at 5:16 PM, Apr 26, 2022
and last updated 2022-04-26 18:41:35-04

WEST PALM BEACH, Fla. — Almost a week after its computer and phone systems went down, the parent company of two area hospitals now confirms the cause was a cyberattack.

Dallas-based Tenet Health Systems confirmed the incident Tuesday morningin a news release, a day after Contact 5 reported the cyberattack caused emergency medical personnel to divert patients to other area hospitals.

Tenet's statement raises more questions than it answers.

WPTV received the following timeline from an employee at St. Mary's Medical Center after the hack occurred last week.

  • Wednesday, April 20 at 6:04 a.m.: St. Mary's Medical Center nurses received a text that read "multiple markets are reporting the loss of network and telecom services"
  • At 9:07 a.m. that morning they were told to "please do not use any systems, even if it appears to be working"
  • Later that morning, employees were told that "all users must log off and turn off all computers"
  • At 5 p.m. that afternoon they learned that "St. Mary's Medical Center is in full downtime mode"
  • Then the next morning on Thursday at 6:30 a.m., workers received a text that read, "All computers should remain turned off. They should not be turned on for any reason"

Cybersecurity expert Alan Crowetz said the damage was already done.

Alan Crowetz, president and CEO of InfoStream, Inc., speak on Tenet hospital outage
Alan Crowetz shares his thoughts on what could have caused the outage at the two West Palm Beach hospitals.

"Even if you stop all email from coming in, it's already inside the network and spreading," Crowetz said.

At that point, EMTs from West Palm Beach and Riviera Beach were diverting stroke patients and pregnant women to other medical centers.

Under federal law, hospitals have 30 days to report a cyberattack.

Medical ethics expert Ken Goodman of the University of Miami's Miller School of Medicine tells Contact 5 that hospitals should tell the public as soon as possible.

"Institutions that want to get ahead of it, that want to make sure they're continuing to signal they are trustworthy, are going to get ahead of all of these things," Goodman said.

Ken Goodman of the University of Miami's Miller School of Medicine
Ken Goodman says hospitals should be transparent once they recognize a data breach.

Contact 5 has learned the attack took down phone and computer systems in at least one other state.

In Tuesday's news release, Tenet did not reveal which hospitals in its nationwide system were hacked or if any of its other three hospitals in Palm Beach County were affected.

Tenet also did not say if personal information of current and former patients and employees was breached.

WPTV also reached out to numerous federal and state agencies about the incident but did not get a response.

It's still unclear what was the nature of the hack, if it was ransomware or what is behind it.

"Everyone is at risk, and it's important to be able to say, 'We owned it. We’re working on it. Here's what we've done. We've obeyed the law, and here's the steps we've taken to make sure it doesn't happen again,'" Goodman said.

WPTV called the number and emailed the address Tenet Health Systems listed in its news release to ask them if patient and employee information was compromised. However, they did not respond.

Shelley Weiss Friedberg, a regional spokeswoman for Tenet, dismissed Rodriguez's concerns as "preposterous" and asked WPTV to remove the story.

Meantime, experts warned hospitals are a major target of cyberattackers.

A 2018 MIT study warned hospitals have lagged behind other industries in protecting against these attacks, putting people’s personal information at risk.

Email the Investigators
Share your news tips and story ideas with WPTV's investigations team.