Connect with us

Hi, what are you looking for?


Incident Response

Ransomware Attack Played Major Role in Shutdown of Illinois Hospital

St. Margaret’s Health in Illinois is shutting down hospitals partly due to a 2021 ransomware attack that caused serious payment system disruptions.

St. Margaret’s Health is shutting down hospitals and other facilities in Peru and Spring Valley, Illinois, and says a 2021 ransomware attack is partly to blame.

The attack occurred in late February 2021 and forced the shutdown of the Spring Valley hospital’s computer network, impacting all web-based operations, including its patient portal. The Peru branch was not affected, as it operated on a separate system.

The incident, the hospital said on social media, impacted its ability to bill patients and get paid in a timely manner for the provided services. The systems were down for more than three months.

Compounded with impact from the Covid-19 pandemic, a shortage of staff, and rising costs of goods and services, the cyberattack forced the hospital to suspend some of its services in January this year.

On June 16, St. Margaret’s Health will shut down both the Peru and Spring Valley facilities.

In a video message on social media, St. Margaret’s chairwoman Suzanne Stahl announced that OSF HealthCare will acquire the hospital in Peru, which will help pay some of the Spring Valley location’s debts.

St. Margaret’s Health will also close clinics in Henry, LaSalle and Streator and will sell other assets not included in the OSF HealthCare transaction.

St. Margaret’s Health is the first healthcare facility to link its closure to a ransomware attack, but this is not surprising, ForgeRock VP Steve Gwizdala said in an emailed comment.

Advertisement. Scroll to continue reading.

“Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing each year,” Gwizdala said.

What should be noted, KnowBe4’s Erich Kron says, is that the ransomware attack is only one of the reasons forcing the hospital to close.

“Unfortunately, while these attacks are not often the primary reason for an organization to shut down, the significant additional stress and financial impact caused by one of these attacks can be a major factor,” Kron pointed out.

Related: Idaho Hospitals Working to Resume Full Operations After Cyberattack

Related: Cyberattack Hits Major Hospital in Spanish City of Barcelona

Related: Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.