A suspected ransomware attack on the Memorial Health System, based in Marietta OH, has resulted in patents being redirected to alternative hospitals. The security breach occurred on Sunday morning and led to Memorial Health disabling its IT systems in order to prevent any additional damage being caused. Emergency protocols were quickly put in place as many of the IT systems were not accessible, and healthcare workers have started using paper charts to record patient information.
It was decided to cancel all urgent surgical appointments and radiology examinations that had been scheduled to take place on Monday. Primary care appointments were not postponed; however, anyone with an appointment was asked to contact the hospital first to confirm that the appointment was going ahead.
A press release issued by the Memorial Health System on August 15 said: “We will continue to accept: STEMI, STROKE and TRAUMA patients at Marietta Memorial Hospital. Belpre and Selby are on diversion for all patients due to radiology availability. It is in the best interest of all other patients to be taken to the nearest accepting facility. If all area hospitals are diverted, patients will be transported to the emergency department closest to where the emergency occurred. This diversion will be ongoing until IT systems are restored.”
The health system manages three hospitals in Ohio and West Virginia, all of which were impacted by the cyberattack. The decision was taken to send emergency patents elsewhere to ensure patient safety as electronic health records were not accessible.
Memorial Health System President and CEO Scott Cantley said, “Maintaining the safety and security of our patients and their care is our top priority and we are doing everything possible to minimize disruption. Staff at our hospitals – Marietta Memorial, Selby, and Sistersville General Hospital—are working with paper charts while systems are restored, and data recovered.”
The group has initiated an official review into the incident; however, it is still unknown how much data, if any, has been impacted in the attack. Representatives of the Memorial Health System have said that, at this stage it does not appear that the cybercriminals accessed employee or patient data. IT specialists are still examining the data breach to ascertain how hackers obtained access to its systems , what they accomplished once they did, and the extent of the data impacted.
The FBI and the Department of Homeland Security have been made aware of the attack. Memorial Health System staff are working with information technology partners to bring systems back online in as short a period of time as possible.
A news report on Bleeping Computer claims evidence has been found to link the Hive ransomware group to the attack. This group publishes stolen data on its leak site to pressure victims into paying the ransom. The report says databases were compromised that stored the PHI of approximately 200,000 patients.