IT shutdown at CHI Memorial remains unresolved in Chattanooga, across the US

CommonSpirit hospitals across the nation report problems

Staff Photo by Matt Hamilton / The emergency entrance at CHI Memorial Hospital is seen Tuesday.

A cybersecurity incident at CHI Memorial's parent company that forced facilities in the Chattanooga region offline on Monday is garnering nationwide industry attention and remains unresolved.

In addition to the Chattanooga region, hospitals in Nebraska, Washington, Iowa and Texas are among the facilities that have been affected, according to numerous local and national news reports. Hospitals are coping by using paper charts instead of electronic health records, rescheduling appointments and in at least one case diverting ambulance traffic.

CHI Memorial is owned by Chicago-based CommonSpirit Health, which is the second-largest nonprofit hospital chain in the United States. Cybersecurity analyst Brett Callow said in a Thursday article by The Washington Post the scope of the incident is "perhaps unprecedented in terms of the health care sector" given the size of CommonSpirit.

Barbara C. Hernandez, public relations director for Epic -- the software company that supports CHI Memorial's electronic health record system -- said in an email that the incident is isolated to CommonSpirit and to contact the CommonSpirit communications department.

Spokespeople from CommonSpirit did not respond to questions asking what caused the incident, a timeline for when systems will go back online and whether any patient information has been compromised.

CHI Memorial spokesperson Karen Long said in an email that officials are working to resolve the issues as soon as possible.

"We appreciate the patience and support of our patients and family members as we address this situation," Long said. "We are especially grateful to our staff and physicians, who are providing high-quality care to our patients."

Despite the breach, "CHI Memorial continues to provide our regular comprehensive services to the community and is following well-established processes to ensure the safe and quality care of our patients," Long said. "We take our responsibility to our patients very seriously and apologize for any inconvenience."

Lemon Williams, a partner at the Chattanooga-based Ionado Group -- a cyber security and emerging technologies consultancy -- said in a phone interview that attempted IT security breaches in "critical infrastructures," which includes energy, banking and health care, have become far more frequent in 2022.

"Me and my colleagues have had the most malicious attempts across all of those industries, including health care, for the year," Williams said, adding that generally, "activity like this increases during a recession."

He also said hackers, which the industry calls "malicious actors," are becoming much more sophisticated in their tactics. Instead of the phishing emails that many people are trained to recognize, malicious actors are using online information from social media accounts and other sources to make direct contact with employees in order to gain their trust and breach company security systems.

Although his expertise is in the energy and renewables sector, Williams said he has gained additional knowledge of the health care industry in his role on the Erlanger Health System Board of Trustees.

Typically, the goal of these types of breaches is to install ransomware on a company's computer system in an effort to hold data hostage in exchange for payment. Some other malicious actors want to steal personal data, and occasionally their rationale is activism, he said.

"Generally, malicious actors that engage in ransomware have no interest in the data at all -- they essentially just want to extort that data for monetary gain," Williams said.

Breaches in health care can be particularly challenging due to the added pressure of people's lives being at stake, he said.

"You're so concentrated on recovery into your business -- especially in health care, returning to normal operations -- that you are not doing as much in terms of forensics and gathering as much evidence and data as you can," Williams said. "So the faster that you can actually move back to normal operations, that allows more time to analyze and maybe catch [malicious actors] before their trail goes cold."

Contact Elizabeth Fite at or 423-757-6673. Follow her on Twitter @ecfite.