Cass Regional Medical Center hit with ransomware, suffers EHR downtime: Updated

Meditech opted to shut down Harrisonville, Mo.-based Cass Regional Medical Center's EHR July 9 after hospital officials discovered ransomware on its IT infrastructure around 11 a.m., according to a notice on the hospital's website.

As of about 4 p.m. July 10 — Cass Regional's most recent update — the hospital said restoration is estimated to be 50 percent complete.

The cyberattack affected Cass Regional's internal communication systems and stifled access to its EHR, although hospital officials have no evidence patient data has been compromised at this time.

Meditech, the hospital's EHR vendor, shut down the system as a precaution while hospital leaders work with authorities to resolve the attack. The EHR is still offline, according to Cass Regional's most recent update, but hospital officials believe it will be back online within 72 hours.

As a result of the disruption, Cass Regional — which sees more than 75,000 patients a year — diverted ambulances carrying trauma and stroke patients beginning in the afternoon as an additional precautionary measure. As of its most recent update, the hospital remains on ambulance diversion, and it is not yet clear when it will be lifted. Hospital staff have been able to continue providing inpatient, outpatient, emergency and primary care services.

"I am extremely proud of our staff for the manner in which they have rallied to make sure we can still take the very best care of our patients," CEO Chris Lang said in the update. "It has not been easy, but their dedication and can-do attitude is inspiring."

Within 30 minutes of sighting the attack, hospital officials launched Cass Regional's incident response protocol. Care managers devised a plan to continue patient care, and IT, with other senior leadership, collaborated with law enforcement and cybersecurity experts to respond to the attack.

The investigation into the attack is ongoing.

This article was updated July 11, 2018, at 9:30 a.m. to include additional information provided by the hospital. This is a developing story and will be updated as more information becomes available.

More articles on cybersecurity:

Phishing attack breaches Wisconsin county residents' PHI for 3 months
The most dangerous month for healthcare hacks so far in 2018? May
AHA: FDA must solidify guidance on legacy devices to strengthen cybersecurity

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months