Enloe Medical Center Continues to Experience EMR Downtime Due to Ransomware Attack

A California healthcare provider was attacked with ransomware, and two weeks on its medical record system is still out of action.

Enloe Medical Center in Chico, CA, discovered the attack on January 2, 2020. Its entire network was encrypted, including its electronic medical record (EMR) system, which prevented staff from accessing patient information. Emergency protocols were immediately implemented to ensure care could still be provided to patients and only a limited number of elective medical procedures had to be rescheduled.

The attack also affected the telephone system, which was taken out of action on the day of the attack. The telephone system was restored the following day, but the EMR system is still out of action and employees are continuing to rely on pen and paper for recording patient data.

While there were some cancelled appointments in the first week after the attack, Enloe Medical Center says care is being provided to patients without delay while work continues to restore its systems. No information has been released on the type of ransomware involved, but the initial findings of the investigation suggest patient data has not been compromised.

“Upon learning of this incident, we immediately took steps to restore critical operating systems and ensure the security of our network. At this point in time, we have no indication or evidence that suggests patient medical data has been compromised,” said Kevin Woodward, Enloe’s chief financial officer. The ransomware attack has been reported to local and federal law enforcement agencies and the investigation is continuing.

Ransomware attacks increased throughout 2019 and there are no signs of the attacks abating. In addition to file encryption, several ransomware gangs have adopted a new tactic to increase the probability of the ransom being paid: sensitive data is stolen before the ransomware is deployed.

Recent attacks involving the MegaCortex, LockerGoga, Maze, and Sodinokibi ransomware variants have seen data stolen prior to the deployment of ransomware. The threat actors using Maze and Sodinokibi ransomware have issued threats to expose the stolen data if the ransom is not paid. Both have followed through on those threats and have published sensitive data when the decision was taken not to pay the ransom.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.