Ashland Women’s Health confirmed in April 2017 that it had been the victim of a significant ransomware attack.19,272 Ashland patients were affected. This followed confirmation the previous week that ABCD pediatrics ransomware attack had put 55,447 patients at risk.
On Sunday 9th April, a third healthcare provider became aware that it had received a ‘virus’ via email which had made its way onto the organisation’s network. In New York, the Erie County Medical Center in Buffalo was obliged to shut down its own computer systems to stop the virus spreading. To date, the incident has kept computer systems offline for around three days.
The hospital remained without access to its email and its website is was offline for some time, however other computer systems were soon restored. The virus was responsible for a degree of disruption, but communication continued via the hospital’s messaging platform.
Doctors and other staff returned to the use of pens and paper while specialists worked to remove the virus and restore systems. According to a spokesperson, hospital operations were not affected affected. Scheduled surgical procedures were performed as planned and patients continued to be treated, despite the necessity to admit them manually. Prescriptions were uninterrupted, but had to be written out by hand. The hospital worked quickly to bring its computer systems back online.
The FBI and other agencies were notified of the attack and an investigation was launched. Precise details of the virus has not yet been made public, however ransomware seems to be a possibility.
A hospital spokesman confirmed that patients’ protected health information was unaffected and that there is a secure backup of EHR data, however he declined to comment as to whether ransomware was involved or if the attackers had demanded a ransom payment.