TMH employee: remote workers forced to use PTO during cybersecurity incident

TALLAHASSEE, Fla. (WCTV) - Nearly one week ago, a cybersecurity issue paralyzed Tallahassee Memorial Healthcare, forcing many non-emergency procedures to be canceled, and roughly 90 percent of ambulances to be diverted to a different hospital.

While THM representatives have remained tight-lipped on the issue, public concern is mounting. WCTV has received a number of messages from both patients and employees about the growing impact of the incident.

On Monday of this week, Eyewitness News posed more than a dozen questions to the TMH communications department, asking about the nature of the security breach, if patient data has been compromised, what systems within the hospital are working or not working, and how all of this is impacting patients and employees.

Email correspondence was delayed after it was noted that the TMH comms team did not have access to the email as a result of the cybersecurity incident and were communicating via their personal emails.

In response on Wednesday, TMH provided a blanket statement that had already been published on the hospital website a day before and which indicated they could not answer the questions due to the ongoing investigation.

“We understand our community is eager for more information about this event. Our teams are working around the clock in collaboration with outside experts and state and federal agencies to investigate the cause and scope of the event and safely restore all computer systems as quickly as possible. We will provide updates as this investigation progresses, bearing in mind that security, privacy and law enforcement considerations impact the amount of detail we can provide.”

A second email a short time later included a short follow-up on a question about patient data:

“Our investigation is ongoing. As is typical in such situations, we expect it will take some time to determine exactly what happened. We will notify any affected patients as appropriate based on the results of our investigation.

On Wednesday, an employee who works for TMH remotely full-time reached out to WCTV about their situation. The employee, who asked to remain anonymous, said their team works in the IT department, but outside the scope of those working to address the current issue.

The worker said the team was directed not to log in to work last Friday. They have not been allowed to log in since.

According to a visual record provided to WCTV, TMH administration offered the remote team three choices: take paid time off, accept unpaid leave for Monday and Tuesday, or show up to the hospital to be assigned a task. The employee, who works out of the area, told WCTV that was an unfair choice.

“Every day, it’s like, ‘We don’t have an ETA yet. We don’t have an ETA yet,’ It’s just very... we’re in the dark we don’t know what’s going on,” they said. “We don’t know if it’s going on for a week, a month- we don’t really know. So it’s super frustrating from that perspective.”

The employee said the team had several people without any PTO left, and they feared they would be in financial trouble without earning pay.

WCTV reached out to TMH Wednesday mid-afternoon to address this specific policy as well. A spokesperson said the hospital is working to answer the question, but would not be able to by the close of business Wednesday.

This story will be updated with any TMH response.

Here’s a list of questions WCTV asked of TMH:

• Is this the result of a ransomware virus? If so, what is the ransom or demand?
• Was it a central processor that was impacted or a satellite?
• Where did the issue originate? An email? Link?
• Are some parts of the system up and running? And what’s the difference?
• How many hours was the security issue un-detected?
• Is this the first IT security breach the hospital has encountered? If not, when and what are previous breaches or attempts?
• How many facilities (i.e. main hospital, clinics, auxiliary businesses) are being impacted and what are those impacts?
• What is the financial impact of this security issue at this point?
• How much money a day is the hospital losing with roughly 90 percent of EMS patients being diverted to other care facilities?
• What kinds of data have been compromised? Personal patient information? Hospital records? Etc.
• Beyond the obvious inconvenience right now, what are the long-term impacts of this security issue?
• What is the latest on the investigation into the breach?
• We understand some employees have been asked to stand security in stairways and outside units, like the labor and delivery unit. Is this still the case or has the hospital taken measures to fix this? If so, what are they?
• Is it true that at least some full-time remote employees have been asked to choose between PTO or unpaid time off this week due to the IT security issue? If so, why has the hospital decided to go this route?
• How many employees are being asked to make this choice?
• How long could those employees be forced to take PTO Are there any support/resources they can take advantage of during this time?

TMH is one of the largest employers in Tallahassee. There’s no inkling yet on what this issue will cost the hospital, but impacts have stretched to auxiliary healthcare clinics and other local businesses owned by TMH. According to consulting firm IBM, the average cost of a data breach in the healthcare industry in 2022 was $10.10 million dollars.

Earlier in the week, TMH confirmed that nearly 90 percent of ambulances were re-routed to different facilities for several days, non-emergency surgical procedures were canceled for multiple days, and employees inside are handwriting records.

The FBI also confirmed they are working with TMH following the incident.

In the meantime, heartwarming stories are emerging from frontline workers asked to step up and work extra shifts to make sure patient care is not interrupted. WCTV has received a number of messages complimenting staff as they work through trying times.

Copyright 2023 WCTV. All rights reserved.