The report sheds light on the EHR downtime the provider put into place after experiencing persistent issues with its EHR systems in June. Both the hospital and HMG’s clinics were impacted by the issues with its MEDITECH EHR. However, officials did not explain the cause.
According to the latest, the hackers infected the computer systems with ransomware nearly two months ago when an employee clicked on a malicious link contained in a phishing email. The cyberattack began on a weekend when Grays Harbor IT staff was limited.
During the initial days, staff treated it as an IT issue and officials said servers were turned off the Monday after the attack to contain the infection. However, the ransomware had rapidly spread within the first days of the attack.
Grays Harbor clinics were hit harder by the attack, as the hospital’s older software prevented the ransomware from properly installing on the main system. The ransomware was more effective at the clinics, where medical records, prescriptions, and other functions are still down.
Patient records are still available at the hospital, while the clinics are still operating on paper. Officials stressed that patient care was not impacted, with surgeries, emergency care, and routine appointments continuing as scheduled.
But some appointments were delayed, and patients were asked to bring their prescriptions and other medical histories with them at the time of care. Additionally, Grays Harbor experienced a five-day period where payments could not be processed, which officials said was a large issue for the “cash-strapped” operation.
The money was not lost, but the timing and cash-flow was problematic. Grays Harbor does have cyber insurance with a $1 million cap, which officials are hoping will cover the damage. Officials said the insurance company caused of the lack of transparency, as they were in charge of the response and investigation.
The situation is still ongoing, and officials have contacted the FBI to alert them to the security incident. The report did not explain whether the hospital paid the ransom. What’s more, about 85,000 patients are being notified that their data was compromised during the event. Although officials said there’s currently no evidence of disclosure.
Grays Harbor did have traditional anti-virus and backups in place before the ransomware attack, but even the backups were infected. Officials said they have not yet determined whether the missing records are permanently gone.
Officials are concerned about the ongoing attack, as just a year ago the hospital’s future was still in limbo given “crippling debt.” Ransomware causes some of the largest devastation of cyberattacks, with recent reports showing ransomware payments have increase 184 percent during the second quarter of 2019. The average downtime lasts nearly 10 days.
Grays Harbor is just the latest provider to experience a long period of downtime due to ransomware. After falling victim to two ransomware attacks in the course of two months and experiencing nearly eight weeks of downtime, Kentucky-based Park DuValle Community Health Center paid hackers $70,000 to unlock its records.