Harrisonville, Mo.-based Cass Regional Medical Center's EHR is back online July 16 after almost a week of downtime stemming from a ransomware attack on its IT infrastructure, the hospital said in a update.
The attack was first discovered July 9, and the hospital's EHR vendor Meditech opted to shut down access to the EHR as a precaution. Cass Regional was under ambulance diversion for trauma and stroke patients for the duration of the incident.
"After consulting with our EHR vendor, we determined that any immediate threat that may have been present as a result of last week's attack was mitigated, and that it was in the best interest of our patients to go ahead and bring the system back up," Cass Regional CEO Chris Lang said in the statement.
A third-party cyber forensic firm conducted an investigation into the cyberattack, which revealed the breach was caused by a brute-force attack via Remote Desktop Protocol. RDP is an interface commonly used to obtain remote access to systems for legitimate business purposes; however, hackers can leverage these features to gain inappropriate access to organizations' systems.
"We have since modified our systems to eliminate this risk," Mr. Lang said. "Again, we deeply appreciate the support that our community has given us this past week… We are glad to resume normal operations and focus all our energies on taking care of our patients."