- East Ohio Regional Hospital (EORH) and Ohio Valley Medical Center (OVMC) have voluntarily initiated a period of EHR downtime after a ransomware attack hit the hospital’s network on Friday, November 23.
The hospitals are diverting emergency squad patients away from their facilities due to the cyberattack, according to The Times Leader.
EORH and OVMC Director of Marketing and Public Relations confirmed the attack to the Times on Saturday morning. Emergency squads began transporting patients to other local hospitals after receiving notification of the full diversion.
“At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients by walk-in,” Janiszewski told the Times. “Our IT team is working around the clock right now and we expect to have the issue resolved by Sunday.”
In an effort to protect patient health information, the hospitals’ IT teams took several computers offline. While the hospitals are unable to care for emergency squad patients, clinical operations in other units and care settings are proceeding as normal.
“The OVMC-EORH employees and medical staff have been very adaptive and supporting and we are able to continue with quality patient care,” said OVMC CEO Daniel Dunmyer.
On Saturday, hospital officials told WTOV9 that OVMC and EORH had switched to paper charting systems as a result of the period of EHR downtime.
No patient information has been compromised in the breach.
“We have redundant security, so the attack was able to get through the first layer but not the second layer,” said Janiszewski.
Shutting computer networks down and switching to paper charting further helps to ensure patient data remains protected.
Sustained periods of EHR downtime can disrupt hospital operations and have been cropping up across the country as healthcare data breaches — including ransomware — become increasingly common.
Some healthcare organizations are forced into EHR downtime by outages, while others voluntarily go offline to protect patient clinical and financial information during security incidents.
Including EHR downtime in a continuity of operations plan and working with EHR vendors to quickly recover from downtime can help to optimize EHR downtime preparedness.
Ensuring hospital staff are prepared to deal with instances of EHR downtime can help to reduce slowdowns, reduce patient safety risks, and promote continuity of operations during incidents.