Hospital chain cancels emergency cases because of ransomware attack

A Marietta, Ohio-based hospital chain was forced recently to cancel IT systems and shut down surgeries underscoring the deadly consequences of ransomware.

In the wake of this attack, which took place on August 15 Memorial Health System was reduced to working with paper charts.

The attack resulted in disruptions to clinical and financial operations, Memorial said in an Aug. 18 statement.

Memorial Health System is a network of 325 providers representing 64 clinics spread across southeastern Ohio and parts of West Virginia, according to its website.

While urgent emergency cases were canceled a serious consequence of the attack emergency cases, which are the most critical, were postponed in an interview, Jennifer Offenberger, associate vice president of service excellence at MHS, explained in an interview to FOX Business.

There is a difference between emergent and urgent, she said, the latter being urgent cases. Emergent is life-threatening urgent is something that may need to be done but it has a little broader time scale to it.

But to recover the gravity of the attack, according to Offenberger, FBI, Homeland Security and other security organizations were brought in to restore information operations.

We could not access our servers which contain all of our patient data, she said.

Offenberger is negotiating with the attackers with assistance from the FBI, Homeland Security and insurance carriers, Offenberger said, adding that This was ransomware. One of the most distressing facts about ransomware is that it often requires a payment sometimes millions of dollars to restore operation. Offenberger did not disclose details about the negotiations.

The President and CEO of Memorial Health System said on Aug. 18 that no other known patient or employee personal or financial information has been compromised.

As we have witnessed over the last year, the attackers have no respect for human lives, Fleming Shi, CTO of Barracuda Networks, told FOX Business. They are finding the most critical services and organizations to attack so they can get paid.

Time Eades, CEO of vArmour, called ransomware attacks an existential threat to hospitals and healthcare.

A hospital's reputation matters, and ransomware attacks can plant distrust with the public during a time when trust in public health is more important than ever, Eades said.

A whopping 48% of hospital executives reported shutdowns in the last six months, according to a new study from Philips and CyberMDX.

The problem is also costly. Medium hospitals report an average shutdown time of 6.2 hours at a cost of $21,500 per hour, while large hospitals averaged more than 10 hours at the cost of more than double the cost or $45,700 per hour, the report said.

And hospitals and health care systems continue to be vulnerable despite the wave of attacks.

When asked about Computer System vulnerabilities targeted by criminal gangs, the majority of respondents said their hospitals were unprotected, the report said.

Currently, ransomware groups are managing to breach hospitals and medical organizations by using the same tried and tested methods, often targeting users with malicious emails, attachments and links, said Ian Pratt, Global Head of Security for Personal Systems at HP, told Fox Business.

Every technology decision a hospital makes is a security decision and even the smallest vulnerability can compromise patient safety and privacy, said Pratt.