Suspected Ransomware Attack Impacts Erie County Medical Center Patients

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD pediatrics ransomware attack impacted 55,447 patients.

On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York was forced to shut down its computer systems to prevent the spread of the virus. So far, the incident has resulted in computer systems being offline for three days.

The hospital is still without access to email and the hospital website is still out of action, although other computer systems have now been brought back online. The virus caused some disruption, although communication was maintained through the hospital’s messaging platform.

Physicians and other hospital staff were forced to work with pens and paper while the virus was removed and systems were restored. Hospital operations were unaffected according to a statement released by a hospital spokesperson. All scheduled surgical procedures have been performed and patients continue to be seen, although they have had to be admitted manually and prescriptions have had to be written out by hand. The hospital is working quickly to ensure that computer systems are all brought back online as quickly as possible.

An investigation into the incident is continuing and the FBI and other law enforcement agencies have been notified of the attack.  The exact nature of the virus has not been disclosed, although ransomware is a possibility.

A spokesperson for the hospital has confirmed that the protected health information of patients was not impacted and that a backup of EHR data exists, although no comment was made as to whether ransomware was involved or if a ransom demand had been issued by the attackers.

Author: NetSec Editor