A network of hospitals and clinics in Ohio and West Virginia was forced to cancel surgeries and divert patients with emergencies to other facilities after it was hit in a ransomware attack this week.
Cybercriminals struck Memorial Health System, a nonprofit that runs three hospitals, outpatient service sites and clinics spread across southeastern Ohio and northwestern West Virginia, early Sunday morning.
Officials said Memorial had to shut down its information technology systems and cancel urgent surgical cases scheduled for Monday. It also had to divert ambulances to other hospitals.
"Maintaining the safety and security of our patients and their care is our top priority and we are doing everything possible to minimize disruption,” president and CEO Scott Cantley said in a written statement posted on the system’s website. “Staff at our hospitals … are working with paper charts while systems are restored, and data recovered."
Cantley said at a news conference that the health system was working with security partners, including the FBI and the Department of Homeland Security, to restore operations as soon as possible. He said there hadn’t been any indication that patients’ medical records were accessed.
On Wednesday, Memorial posted an update saying its systems could be restored as early as Sunday.
“We have reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible,” Cantley wrote.
“It is unfortunate that many health care organizations are confronting the impacts of an evolving cyber threat landscape,” he added, noting that Memorial will focus on beefing up its security.
Ransomware typically spreads through phishing, in which hackers email malicious links or attachments and people unwittingly click on them. Malware then hijacks the victim’s computer system and holds it hostage until the victim either pays a ransom, usually with the cryptocurrency bitcoin, or restores the system on their own.
Since the pandemic began, cybersecurity experts say they have seen an uptick in attempted ransomware and other hacking attempts on hospitals, health care systems, clinical labs and research centers.
Hospitals often lag behind other industries such as financial services when it comes to cybersecurity, experts say. That makes them an ideal target for hackers, especially during the pandemic.
The hospitals’ biggest fear is that if computer networks get locked up or knocked offline, health care workers won’t be able to access important information such as patient medical records and test results.