- Ohio Valley Medical Center (OVMC) and East Ohio Regional Hospital (EORH) have fully recovered from a sustained period of EHR downtime following a ransomware attack on their computer network and will not need to pay a ransom to hackers, according to Wheeling News-Register.
The hospitals restored the computer network in their emergency rooms as of Wednesday night and will no longer be diverting patients to other care sites.
“As of 10 p.m., our EMSTAR emergency departments are off of diversion,” OVMC and EORH Director of Marketing and Public Relations Karin Janiszewski told the Register. “Computer software capabilities have been fully restored and EMS can transport patients to our EDs without issue.”
The hospitals voluntarily initiated the period of EHR downtime after a ransomware attack hit the hospitals’ network on Friday, November 23.
OVMC and EORH had made substantial progress toward restoring their EHR system by the end of the weekend, requiring only a partial diversion of emergency room traffic by Monday. This partial diversion persisted through Tuesday and Wednesday.
According to the Times Leader, the hospitals will not have to pay a ransom to hackers to restore their system.
“We are not paying a ransom,” Janiszewski told the Times. “It is not necessary because we have redundant security and Ransomware was only able to make it through our first line of security and they caught the attempted attack quickly.”
The hospitals’ IT teams were able to restore EHR technology in OVMC and EORH’s emergency departments to full functionality without outside help.
“Now, our IT crew is rebuilding the front of the software programs — the entry area — and until that is fully functional, we will stay on a yellow status in the ER,” Janiszewski explained. “We do that because the software needed to accurately read radiology and CT scans is in the process of being rebuilt.”
The partial diversion beginning Monday — called a yellow diversion — allowed emergency department clinicians to see a limited number of patients with certain treatment needs.
“The EMS can call in to the ER and we can let them know if it’s a case we can take,” OVMC CEO Daniel Dunmyer told the Times.
No patient information was compromised during the breach. OVMC and EORH worked to protect patient health and financial information by shutting its EHR system down and switching to paper charting for clinical operations.
Some healthcare organizations are forced into EHR downtime by outages, while other healthcare organizations such as OVMC and EORH voluntarily initiate EHR downtime to reduce the chances that patient information will be compromised during security incidents.
Several hospitals have been forced into EHR downtime due to power outages and data breaches throughout 2018.
In July, Tennessee-based Blount Memorial Hospital experienced a three-day stint of EHR downtime that prompted clinicians and staff to support a $30,000 investment in a backup system. The backup system is designed to pull nightly patient chart information based on future appointments and store the data on computers at the hospital’s facilities.
Implementing a downtime system can help to ensure healthcare organizations can continue clinical and administrative operations as normal in the case of a security event.
In addition to implementing a backup system, including EHR downtime in continuity of operations plans and working with EHR vendors on how to recover from downtime can help to increase an organization’s level of EHR downtime preparedness.
Continuity of operations plans that include drills can help healthcare organizations identify their weaknesses and strategize to fill gaps that crop up during downtime simulations to reduce the risk of slowdowns, delays, and threats to patient harm.