- Cass Regional Medical Center experienced a ransomware attack on its information technology infrastructure on Monday, July 9, according to an online statement. As a precautionary measure, the hospital underwent EHR downtime until the attack is resolved.
EHR access and internal communication systems were affected, which is why EHR vendor MEDITECH opted to shut down the system.
There was no evidence that patient information had been impacted, Cass Regional stated.
Our primary focus continues to be on our patients, and meeting our mission to provide health care services to our community,” CEO Chris Lang said. “We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations.”
Incident response protocol was deployed within 30 minutes of the first signs of the ransomware attack, the hospital statement added.
“Patient care managers met to develop detailed plans to ensure that patient care continued to be provided in a safe and effective manner, while information technology and senior leaders are working with law enforcement and cybersecurity experts to develop a quick resolution to the situation,” Cass Regional explained.
On Monday afternoon, hospital leadership opted to divert trauma and stroke patients to ensure “optimal care” was received.
Earlier this year, Allscripts experienced its own EHR downtime following a ransomware attack on its cloud-based EHR and electronic prescribing of controlled substances (EPCS) systems.
Allscripts Professional EHR and EPCS systems users were still manually writing prescriptions and relying on paper records less than one week after the initial attack.
“Both our Shield and Hosting teams are still working diligently to resolve the EPCS issue,” said Allscripts in a January 18 statement to users. “We will provide an update as soon as there is a status change or the issue is resolved. We apologize for any inconvenience this has caused.”
Virginia-based Moss Free Clinic uses Allscripts cloud-based EHR and EPCS systems, and was one of the Allscripts users that had to switch to manual administrative options following the ransomware attack.
Executive Director Karen Dulaney told Fredericksburg.com the clinic did not cancel any appointments but added that administrators could not schedule future appointments.
Physicians and nurse practitioners had to write patient visit notes on paper, but Dulaney said she was “very proud of our staff/volunteers for their ability to be nimble.”
Moss Medical Director Patrick Neustatter told the news source that “people’s care would have suffered” if the majority of systems had remained offline any longer. It was difficult because of the amount of necessary clinical information that was virtually inaccessible to providers immediately following the ransomware attack.
“You can’t look at anything, all the patients’ history and everything is there,” Neustatter said. “It’s crazy.”
The Allscripts ransomware attack stemmed from the SamSam ransomware strain.
Allscripts spokesperson Concetta Rasiarmos told HealthITSecurity.com that a “limited number” of Allscripts applications were affected in the incident.
“We are working diligently to restore these systems, and most importantly, to ensure our clients’ data is protected,” Rasiarmos wrote in an email. “Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage.”
On January 26, 2018, approximately one week after the initial ransomware attack, Rasiarmos said “service to all affected clients has been restored.”