Missouri-based Cass Regional Medical Center announced Monday it has been hit with a ransomware attack. The medical center said it discovered unidentified ransomware on its IT infrastructure at about 11AM.
The center's internal communications system and access to their electronic health record (EHR) system have been affected in the attack. However, they said there is currently no evidence of patient data being accessed thus far.
The hospital's EHR vendor Meditech decided to shut down the system as a precaution until the attack is resolved.
"Hospital leadership initiated the organization’s incident response protocol within 30 minutes of the first signs of attack," the center said in a statement on Facebook. "Patient care managers met to develop detailed plans to ensure that patient care continued to be provided in a safe and effective manner, while information technology and senior leaders are working with law enforcement and cybersecurity experts to develop a quick resolution to the situation.
The center is currently working with an "international cyber forensics firm" to begin decryption of affected systems and files. As of Tuesday 2PM, restoration was said to be 50% complete.
Its EHR system is still offline "pending a thorough investigation of the attack by third-party cyber forensics experts in order to ensure that no protected health information has been compromised." However, the center expect it to be back online within 72 hours.
Cass Regional has not provided any specific details about the ransomware, what data has been affected, if any, or any demands made by the attackers behind the intrusion. It is also not immediately clear how the medical center's systems were infected.
The hospital said it will continue to evaluate its capabilities as it deals with the attack and is currently on ambulance diversion for trauma and stroke "in order to ensure optimal care for those patients." However, the organization is still providing inpatient, outpatient, emergency and primary care services despite the disruption.
“Our primary focus continues to be on our patients, and meeting our mission to provide health care services to our community,” Cass Regional CEO Chris Lang said. “We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations.
“We deeply appreciate the patience and support that our community has shown during this challenging time. We look forward to resuming normal operations and continuing our mission to meet the health care needs of area residents.”
Healthcare + ransomware
The latest ransomware attack comes as ransomware attacks seem to have tapered off in frequency since August 2017. Attackers have begun turning away from ransomware of late in favour of illicit cryptocurrency mining.
However, the Cass Regional attack serves as a reminder that ransomware attacks targeting the healthcare sector are not likely to end any time soon. Given the confidential and sensitive patient data they work with and their penchant to pay up ransom since data loss could endanger its operations and the lives of patients, healthcare facilities will remain prime targets for ransomware attacks.