Cyber attack on Erie County Medical Center was ransomware
Last month’s cyber attack that devastated information systems at 602-bed Erie County Medical Center in Buffalo, N.Y., was a result of ransomware, and the facility is still working toward fully restoring its systems.
Cybersecurity consultant GreyCastle Security, hired by the hospital to help restore its information systems, confirmed that the organization was hit with file-encrypting malware.
“The restoration continues,” says GreyCastle CEO Reg Harnish, who was on-site at the hospital on Monday. “The vast majority of their clinical systems are back online. No ransom was paid.”
However, Harnish was quick to add that the ransomware that hit ECMC was a “completely different variant” than the WannaCry ransomware attacks that began to surface on Friday and are sweeping healthcare and other organizations across the globe. “I don’t think there is any connection.”
Harnish said the impact of the attack on the organization was profound, suggesting that, before this weekend’s worldwide ransomware attack, ECMC’s malware incident was quite possibly “one of the largest attacks in history.”
“Reg (Harnish) doesn't speak for ECMC and we have not yet made such a statement,” wrote Peter Cutler, vice president of communications and external affairs at ECMC, in an email reply to a query from Health Data Management. “Will keep you posted,” Cutler added.
Nonetheless, Harnish says that “the team has really done a good job here pulling together and minimizing the impact on patients.” He adds that “there has been very little clinical impact due to the personal heroics of the staff here, (and) they’ve done a really good job recovering from this.”
The ransomware attack was so devastating that it took weeks for ECMC to return its information systems to operation. As of Monday, more than a month after the incident, the hospital’s systems are still not fully operational. Harnish could not say when all of ECMC’s systems would be up and running again.
On April 9, ECMC’s IT department detected a virus and immediately carried out a shutdown of its email, electronic health record system and website—among other systems—as a precautionary measure. At the time, Cutler said that the first sign that “something came into the system” was when a message appeared on the desktop computers of hospital staff. Anonymous sources cited by The Buffalo News reported that ECMC was the victim of ransomware.
Still, Cutler in an interview with HDM last month would only describe the attack as a “virus” and insisted that there was “no compromise of patient health information” and that the health data was backed up and “protected." He would neither confirm nor deny that ransomware was the cause of the cyber incident at the hospital. ECMC has been working with GreyCastle Security in addition to federal and state law enforcement agencies to investigate the attack.
“Regardless of whether it came in through social engineering or a vulnerability or a default password, we have to recognize that these types of issues are going to continue to occur,” concludes Harnish. “The idea behind cybersecurity is not to prevent all attacks or to eliminate risk. It’s to introduce resiliency into an organization.”