Share this article on:
Around 11am on Monday July 9, Cass Regional Medical Center in Harrisonville, MO, experienced a ransomware attack that affected its communication system and prevented staff from accessing its electronic medical record (EHR) system.
The medical center had policies in place for such an emergency situation. Its incident response protocol was initiated within 30 minutes of the discovery of the attack and staff met to develop detailed plans to minimize the impact to patients.
Ransomware attacks typically do not involve the attackers gaining access to data, although as a precaution, it’s EHR vendor – Meditech – shut down the EHR system while the attack was investigated and remediated. At this stage, no evidence has been uncovered to suggest patient data have been accessed.
As an additional precautionary measure, ambulances for trauma and stroke have been redirected to other medical facilities. Without access to the EHR system, staff resorted to pen and paper while its IT staff worked to decrypt data and bring its systems back online. A leading international forensics firm was called in to assist with the remediation of the attack and on July 10, one day after the attack, around 50% of the encrypted files had been restored.
The type of ransomware used in the attack has not been disclosed and it is currently unclear exactly how the ransomware was installed on its systems. It is unknown whether the ransom was paid to obtain the keys to unlock the encryption or if files are being recovered from backups.
The EHR system remains offline while the investigation into the security breach is conducted. The third-party forensics firm will determine whether any patient data were accessed by the attackers prior to the system being brought back online. Cass Regional Medical Center expects the system to be brought back online within 72 hours. At this stage, trauma and stroke patients are still being diverted to other facilities.
The fast response to the attack and the minimal disruption to medical services underscores just how important it is to plan for ransomware attacks and to develop incident response procedures that can be implemented as soon as an attack is detected. Without such plans in place, valuable time can be lost at the most critical stage of the incident response process.
“I am extremely proud of our staff for the manner in which they have rallied to make sure we can still take the very best care of our patients,” said Chris Lang, CEO, in a post on the Cass Regional Medical Center Facebook page. “It has not been easy, but their dedication and can-do attitude is inspiring.”