A computer virus sent via email to staff at Erie County Medical Center in Buffalo, New York – the main teaching hospital used by the University of Buffalo – has forced the hospital to shut down its entire computer system, parts of which remain out of action three days later.
The incident occurred in the early hours of Sunday morning. IT staff reacted promptly and shut down email and took the entire computer system offline as a precaution to prevent the spread of the virus. The IT team, assisted by external security experts, is working to systematically restore its systems. That process is expected to take several days, although most computer systems at the hospital have now been brought back online. The hospital’s email system is still not operational and its website is still inaccessible. The hospital has a backup of all data, including patients’ health information. A full recovery is therefore expected.
Staff at the hospital have been forced to temporarily work with pen and paper while the IT security incident is resolved. Communication between care teams has continued using ECMC’s proprietary text messaging system. A spokesperson for the hospital says operations are continuing as normal and patient services have not been affected.
Peter K. Cutler, ECMC’s Vice President of Communications and External Affairs, said, “We have concerns about the motivation that led to this virus, and we are working with the appropriate agencies to determine the validity of whatever information we’ve received as a result of this virus coming into our system.”
The hospital is “confident that no patient information has been compromised”; however, at this stage, that cannot be entirely ruled out. The investigation into the attack is continuing, and once systems have been restored, ECMC will conduct a complete post-infection analysis to ensure that no further malware or viruses remain on its system. Law enforcement agencies, including the FBI, have been notified of the cyberattack.
The nature of the virus has not been disclosed, although the incident bears the hallmarks of a ransomware infection. Targeted ransomware attacks on hospitals are occurring, with at least one malicious actor using Philadelphia ransomware to attack hospitals and encrypt data. Those attacks started in the third week of March.
A decryptor has been released to unlock files encrypted by Philadelphia ransomware, although many ransomware variants have yet to be cracked. For those variants, decrypting data is only possible if a ransom is paid, something the FBI and other law enforcement agencies strongly advise against.
To ensure that a complete recovery from a ransomware attack is possible, healthcare organizations must regularly back up their data and test those backups to make sure data can be recovered in the event of a disaster.