- A recent cyberattack has led to EHR downtime approaching one week at Jones Memorial Hospital (JMH) in Wellsville, New York.
Patient health records and email have been inaccessible to all providers at the hospital, according to a report by Buffalo Business First. JMH officials stated the facility is currently dealing with the aftermath of the security incident.
“We are working on getting back up and running, getting everything scanned, cleaned and ready,” JMH Public Relations Director Judy Burt told the news source.
In an effort to restore its system, the 70-bed hospital has enlisted the help of its own IT experts as well as IT experts from affiliate hospitals part of the University of Rochester (UR) Medicine health system including University of Rochester, Noyes, and St. James hospitals. JMH is also working closely with MEDITECH to get the EHR system back online.
According to a bulletin posted on the hospital’s website, officials expect all systems will be fully accessible to users within the next few days.
“In the meantime, we ask patients using JMH services or clinics to bring their insurance card, their complete medications list, and any available medical history with them to any visits,” stated the post.
Until efforts to restore its EHR system are successful, JMH staff has reverted to manually entering health data and other information into patient medical records.
“We have continued to provide high-quality care throughout this event, using the standard computer downtime procedures we regularly train and prepare for,” stated the bulletin.
JMH officials maintain that presently, no patient financial or medical information has been compromised to their knowledge.
“We have been in contact with law enforcement and the New York State Department of Health since the downtime began,” they said. “This issue is isolated to Jones Memorial Hospital's computer systems. We will post further updates on our website as events warrant and continue to focus on patient safety and quality care as our top priorities”
While the EHR system is down, some patient health records are still available to providers through the regional health information organizations (RHIO).
In the summer of 2017, the MEDITECH EHR system at JMH was supplemented by a $5.7 million commitment granted to the hospital by the state to launch a multi-year EHR integration project. The grant is intended to facilitate the integration of JMH IT with the UR Medicine health system.
JMH serves a largely rural population in the community between Buffalo and Rochester. The hospital generates a revenue of about $38 million.
This most recent episode of EHR downtime brought on by a cybersecurity incident follows an earlier EHR cyberattack in Western New York.
In the spring of 2017, Erie County Medical Center (ECMC) was forced offline for six weeks when a ransomware attack compromised its own MEDITECH EHR system.
On April 9, the New York hospital received a digital ransomware note demanding the equivalent of $44,000 for a key to unlock the hospital’s own files. Hackers encrypted data in ECMC’s network that affected over 6,000 computers.
ECMC was forced to shut down all computer systems to avoid further damage and reverted back to paper records. All patient admissions, prescription writing, and daily administrative tasks ordinarily completed in the hospital’s EHR system were carried out manually until systems were restored.
"What's happening is a form of terrorism like an attack on critical infrastructure," said Chief Executive Officer at ECMC Thomas Quatroche in an interview with The Buffalo News. "It's a call to action to view cybersecurity the way we do law enforcement, to raise the profile of the issue."
ECMC providers utilized a connection to the hospital’s health information exchange – HEALTHeLINK – to access patient health records independently of the network. ECMC received assistance from MEDITECH, Microsoft, and Cisco to get back online.
Following the ransomware attack, ECMC officials made efforts to improve the hospital’s password strength, back up health data, and limit internet access in the future.