Cass Regional recovers after ransomware attack
Cass Regional Medical Center in Harrisonville, Mo., is continuing to recover from a ransomware attack that was discovered at 11 a.m. on July 9 and affected email and internet services, as well as its electronic health records system.
Data in the EHR was not breached, but to be safe, record systems were quickly taken off-line and remain inaccessible to hospital staff and clinicians, according to a Cass Regional spokesperson.
About 250 workstations were affected by the attack; as of late Wednesday, most stations were back online with about 25 more workstations yet to be cleansed of the malware.
Mitigation work continues on decrypting servers and files, and forensic experts are examining how the attack occurred. In daily updates on its website, hospital executives are expressing confidence that normal operations could resume by the end of the week.
Cass Regional continues to operate by using paper medical records, but it remains on ambulance diversion for patients with trauma or stroke conditions. When the attack was discovered, the hospital’s incident response protocols were launched, with patient care managers working to ensure patient care could continue while information technology professionals and senior leaders worked with law enforcement and cybersecurity experts.
The hospital is a critical access facility with two medical-surgical suites, four ICU beds and 10 behavioral health beds, according to the spokesperson. Cass Regional is not divulging the type of ransomware used in the attack and declined to discuss if paying ransomware is an option, but notes the forensic investigation continues.
“Our primary focus continues to be on our patients and meeting our mission to provide healthcare services to our community,” says CEO Chris Lang. “We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations.”