HOUSTON — St. Luke's Health, a major health care system in Texas, was hit by an IT security incident. Patient appointments are being rescheduled and IT systems were taken offline.
St. Luke’s Health is probably best known for St. Luke's Baylor in the Texas Medical Center, but that's just one of 16 hospitals in its Texas system which had about 1.8 million patient encounters last year. It's a big operation with a big problem now, managing a security incident in some of its facilities.
Chris Bonk is an associate professor at the University of Houston’s Hobby School for Public Affairs.
“Patient data, clinical data leaves the hospital. This is some pretty personal stuff,” Bonk said.
A nurse at St. Luke's, who asked to remain anonymous, said some facilities are fully paper charting right now, some patients are not getting lab work done, appointments are being canceled and there are delays in care.
St. Luke's Health issued this statement:
"St. Luke's Health's parent company CommonSpirit Health is managing an IT security incident which is impacting some of our facilities. As a precautionary step we have taken certain IT systems offline, which may include electronic health record (EHR) systems and other systems. Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the privacy of our patients and IT security very seriously. As a result of this incident, we have rescheduled some patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted."
Bonk also had some harsh words for the health care industry overall on cyber security.
“They just don't take care of this issue because it costs a lot. It’s dynamic. It’s hard and it’s not something you can put away by doing something once," he said.