Buffalo, N.Y.-based Erie County Medical Center officials have confirmed the April 9 virus attack that shut down its computer system was a ransomware incident, according to a Buffalo Business First report. The medical center did not pay the ransom demand that came from "an international source."
The medical center worked with the state police and the FBI to investigate the incident. Tom Quatroche Jr., ECMC president and CEO, told Buffalo Business First that the "FBI and the security companies both were pretty emphatic about not paying. You end up becoming a target."
The medical center shut down its computer system on April 9 to prevent further damage from a virus attack detected in the early morning. Around 6,000 desktop computers were wiped clean and staff was able to view patient data on EMRs, but not input any information. For weeks, the staff used laptops and manual processes to conduct patient activities, including patient admission and documentation.
ECMC used back-up systems to restore most of its computer system, including documentation, e-prescribing and e-mail. Clinicians can now enter EMR information and patient documentation into the computer system, says Peter Cutler, vice president of communications and external affairs at ECMC. However, a complete restoration of the system will likely only be possible by the end of the month.
An initial assessment conducted by the hospital, in collaboration with cybersecurity services provider Troy, N.Y.-based GrayCastle Security, showed that patient health information was not compromised due to the virus attack.