Hospital cyber attack investigation continues

Hospital cyber attack investigation continues
By Leeann Doerflein -
10/4/21 5:08 PM
Johnson Memorial Health’s information technology team and the FBI are trying to get to the bottom of a weekend cyber attack that crippled the hospital’s computer network.

The hackers gained access to the hospital’s network at 10:31 p.m. Friday and installed ransomware by 10:33 p.m. The hospital’s IT team discovered the attack within about 15 minutes and immediately shut down the system, said Dr. David Dunkle, the hospital’s president and CEO.

The network remained disabled Monday while the investigation continues. The IT team and the FBI have been working around the clock to get to the bottom of the attack, but this type of investigation takes time, Dunkle said.

A FBI spokesperson confirmed the agency is working with the hospital, but would not provide any more details about the investigation.

What information the hackers were able to access was unclear. If the investigation reveals patient data was stolen, the hospital is required by law to alert the public and notify impacted individuals, Dunkle said.

The hospital had not received any requests for ransom as of Monday, so it is unclear whether the hospital can get back full control of the network. Without a clear path forward, the team is preparing for all contingencies, including a full rebuild of the system, he said.

Some hackers charge millions of dollars to return networks to the proper owner, but some may charge less. For example, hackers asked Hancock Regional Health to pay them $55,000 in Bitcoin to return control of their system during a 2018 attack.

Johnson Memorial is not alone. Eskenazi Health in Indianapolis was attacked in August, and Schneck Medical Center in Seymour was attacked last week. No specific details on the Schneck attack are available, but the Eskenazi attack caused the hospital to divert patients, and the hospital said this week patient data was compromised.

It is not clear if the same group that was behind those hospital security breaches is responsible for this attack, Dunkle said.

Across the United States, 560 health care organizations were attacked in 2020, and cyber attacks against health care entities have increased during the pandemic, according to Health IT Security, an industry news site.

With health care ransomware becoming more common, Johnson Memorial had invested in IT infrastructure to protect the network, Dunkle said.

“JMH has invested heavily in cybersecurity. We have not cut corners. That is one of the things that is most frustrating, that despite the investment in cyber security these threat actors were able to circumvent our system,” he said.

But, due to that investment and frequent backups of patient data, hospital staff still have read-only access to patient records, meaning they can see the records but they can’t edit or add new information to them, Dunkle said.

In the meantime, hospital staff will continue with patient care but document all records on paper to be entered into the network later, he said.

The hospital’s emergency room is on diversion because, without the network, they are unable to report bed availability to ambulance services. The diversion is a precaution to avoid overwhelming the ER, Dunkle said.

The impact of the network being down is more heavily felt by staff than patients. Primary care visits will remain as scheduled, but some patients were contacted about delaying non-emergency procedures, he said.

Patients can expect check-in for their appointments to take a little longer than normal due to the paperwork, but the rest of the visit will be standard. The main difference will be the sound of a pen scratching paper instead of keys clacking on a laptop, Dunkle said.

“The public just needs to know we are continuing to put the patient first. We are doing what we can to put the patient first,” he said. “It is not ideal to operate without a computer system, but we are going to get through this, and we are going to do this without compromising patient care.”