A cybersecurity incident disrupted acute care operations at Tenet facilities in April, pushing adjusted admissions down 5.3% year over year as IT services faltered at some hospitals.
Total admissions fell 8% compared to the second quarter of 2021 and same-hospital net patient service revenue per adjusted admission fell 0.2% year over year due to the incident. Tenet estimated that the breach had a $100 million “unfavorable” EBITDA impact.
The April incident disrupted operations in at least two acute care facilities in West Palm Beach, Florida. WPTV, a local news outlet, reported that telephone and IT services went offline, forcing doctors to step outside to take phone calls and use paper notes.
In its second quarter earnings call on Friday, Tenet CEO Saum Sutaria called the incident a “one-time” event, adding that the hospital’s systems had been rebuilt and that it had filed an insurance claim and received $5 million worth of insurance proceeds in Q2.
However, a class action lawsuit filed in Florida against Tenet this month alleged that the cybersecurity incident impacted Tenet system’s across the country and that the company failed to provide details about the incident and did not implement appropriate security measures to safeguard employee and patient data. It also alleges that Tenet has yet to notify all patients whose data may have been impacted.
For the quarter, Tenet’s net income fell 68% year over year to $38 million, while net operating revenue fell 6.4% year over year to $4.6 billion and missed Wall Street expectations.
In September 2020, Universal Health Services experienced a similar cybersecurity incident when a massive cyberattack disrupted the for-profit chain’s operations, leading it to divert ambulance traffic and schedule procedures to competitors' facilities. The incident cost UHS $67 million in the back half of that year.