The Backup That Wasn't There

In 2021, ransomware attackers hit St. Margaret's Health in Spring Valley, Illinois. The attack encrypted the hospital's systems and locked staff out of patient records, billing software, and insurance portals for months. The hospital couldn't submit claims. Revenue stopped. Staff went unpaid.

The recovery never came. The financial damage from the months of frozen billing, combined with the cost of the attack itself, permanently crippled the facility. In June 2023, St. Margaret's Health announced it was closing both of its locations. It was the first hospital in United States history to publicly cite a ransomware attack as a primary reason for permanently shutting its doors.

The town of Spring Valley lost its only hospital. Patients who had received care there for decades had to find providers elsewhere. The nearest alternative was miles away.

The attackers were never identified. No ransom was paid. The hospital closed anyway.