H5 Strategic Alliances

A suspected ransomware attack has the Florida hospital operating under downtime protocols, diverting some EMS patients and canceling surgeries.

The FBI confirmed it is working with Tallahassee Memorial HealthCare to assess an IT systems outage that began on February 2.


When the incident began, the hospital announced it was only accepting Level 1 trauma patients from Leon County and the immediate surrounding counties. All non-emergency surgical and outpatient procedures were canceled and rescheduled.

TMH posted reports over the weekend saying it made progress in managing the event, and physicians began seeing patients today, though surgeries and procedures were again canceled and rescheduled.

The hospital has otherwise been tight-lipped about the suspected cause of the outage.

“We will provide updates as the investigation progresses, bearing in mind that security, privacy and law enforcement considerations impact the amount of detail we can provide,” the hospital said in a statement on its website.

Meanwhile, local WCTV reported receiving a statement by email from the FBI’s Jacksonville field office:

“While our policy prohibits us from confirming or denying the existence or status of a federal investigation, we are working with TMH security teams to assess the situation.”

According to the report, the Leon County Community and Resilience Administrator’s office also indicated that 80% of the weekend EMS transports went to the HCA Florida Healthcare with only 12% of transports going to TMH.


It’s hardly surprising that this potential ransomware attack has hobbled healthcare and emergency care in Tallahassee as ransomware disruptions have been known to go on for weeks and months.

With the spike in cyberattacks on healthcare organizations, a recent study published in JAMA indicates that half of all ransomware attacks have disrupted healthcare delivery.

Based on the study pool, common disruptions included electronic system downtime, at 41.7%, cancellations of scheduled care, at 10.2%, and ambulance diversion, at 4.3%.

In an email statement sent to Healthcare IT News from Adam Flatley, vice president of intelligence at cybersecurity provider Redacted and a former director of operations at the National Security Agency, it’s clear that he and others believe ransomware actors are extorting TMH for money.

“These groups are targeting healthcare organizations on purpose because they know the emotional impact of doing so which will help them force the extortion payment,” he said.

“What is still really missing is a well-coordinated public/private campaign against them to dismantle their criminal organizations.”


“This is an ongoing, emerging situation that is requiring the attention of everyone at TMH,” said Rebeccah Lutz, the hospital’s director of marketing and communications, in a statement to the Tallahassee Democrat and other news outlets.

“It’s an all-hands-on-deck scenario, and we’re doing everything we can to minimize the impact on patients.”

Recent News