TAMPA, Fla. (WFLA) — It’s one of the top threats facing hospitals:  Ransomware attacks. 

Cyber criminals are holding data hostage, potentially putting patients’ lives at risk.

8 On Your Side is taking a deeper look into the issue after an “I.T. security event” at a Florida hospital.

If you’re critically injured in the northwest part of the state, you depend on Tallahassee Memorial Healthcare (TMH). It’s the main trauma center in the area.

For nearly two weeks, TMH had to divert heart attack, stroke and trauma patients away due to a cybersecurity incident. TMH described the incident as an “I.T. security event.”

After 13 days, the hospital fully restored its computer system. Staff ditched their pens and paper notes and went back to using electronic medical records.

After the fix, the hospital sent out a statement last week, warning patients to expect hurdles.

A hospital representative said their systems are vast and intricate.

“We’ve brought them online strategically and securely to ensure the best possible care for our patients,” the spokesman said.

As law enforcement investigates the matter, TMH has been busy rescheduling the procedures that were canceled.

John Riggi is the National Advisor for Cybersecurity and Risk at the American Hospital Association, which represents almost every single hospital system in the United States.

“My former colleagues and I at the FBI speak almost every day,” he said. “Hospital CEOs now consider cyber risk as one of their top enterprise risk issues, so they’re working very, very hard, to ensure that their technical defenses have been increased.”

Riggi says the biggest concern is ransomware groups.

Russian, Chinese, Iranian or North Korean cybercriminals are encrypting data, holding it hostage, then demanding payment to return access. It can cripple hospital operations.

On a public portal, the U.S. Department of Health and Human Services tracks the theft of protected health information.

Last year, there were more than 500 attacks, impacting 44 million individuals.

Riggi believes 20% to 25% of those attacks involved ransomware actors.

“When we have ambulances being diverted, elective surgeries being cancelled, diagnostic tech being shut down, obviously that increases the risk of a negative outcome for the patient,” he said.

Right now, the federal government is taking aggressive action to disrupt networks.

After a high-profile attack led to fuel shortages in 2021, the U.S. Department of Justice elevated ransomware attacks, giving them the same priority as terror attacks.

The exact nature of the security breach at TMH has not been revealed.

It’s widely believed to be a ransomware attack.

Riggi says cybersecurity threats have increased since the pandemic.

“Not only did we have to disperse our nonclinical workforce but we had to rely more on remote third parties as well, so all of that did increase and expand our digital attack surface.”

The full statement from TMH is here.