Ransomware Attack Results in Partial Closure of Emergency Rooms at Two Hospitals

Computer systems used by East Ohio Regional Hospital (EORH) in Martins Ferry, OH, and Ohio Valley Medical Center (OVMC) in Wheeling, WV, were taken out of action over the weekend of 24/25 November as a result of a ransomware attack.

The ransomware started encrypting files on the evening of Friday, November 23. While the attackers succeeded in gaining access to certain systems by penetrating the first layer of security, the subsequent layer was not breached, and the protected health information of its patients was not compromised. Even so, the attack resulted in disruption to certain medical services at both hospitals.

Patients walking into the emergency room could still be processed and treated, but the hospitals were unable to accept patients from emergency squads. During the attack the hospitals switched to paper charts to ensure data protection and e-squad patients were diverted to other hospitals.

Several hospital systems were taken offline to protect the integrity of information and IT teams have been working around the clock to eradicate the ransomware, restore files, and bring systems back online. The hospitals chose not to pay the ransom demand and instead restored affected files from backups after rebuilding affected systems.

Initially it was hoped that systems would be restored by Sunday evening; however, e-squad patients were still being diverted to other hospitals on Monday evening while the IT staff restored affected systems. “We’ve made great progress, but we are not there yet,” explained Daniel Dunmyer, CEO of OVMC, “It’s taken hours for significant improvement, but it will take days for finalization.”

Until essential systems are restored, the emergency rooms will remain on yellow diversion and remain partially closed. On yellow diversion, “the EMS can call in to the ER and we can let them know if it’s a case we can taken,” explained Dunmyer. On Tuesday, the software used to read radiology and CT scans and make that information available to ER staff was still being rebuilt. Only when that system is restored will EORH/OVMC go off diversion in the ERs.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.