Healthcare Ransomware Attack Leads to EHR Downtime in IN

August 26, 2021 - Indiana-based Eskenazi Health announced that bad actors may have released personally identifiable information (PII) online in light of an August 4 healthcare ransomware attack that resulted in ambulance diversions and EHR downtime.

Hospital officials initially stated that they did not believe patient or employee PII was compromised, but further investigation revealed that some of the health system’s files were obtained by bad actors. Eskenazi Health identified the files and began the process of examining them for any patient or employee PII.

The health system has not yet determined whether PII was released, but forensic experts are actively analyzing the leaked data and will alert individuals if any PII was compromised.

“We have prepared for events such as this and we quickly acted in accordance with our information security protocols to maintain the safety and integrity of our patient care,” the announcement stated.

“The health system is open and operating with patient procedures and appointments underway. Our treatment of COVID-19 patients and our vaccination efforts are unaffected. We continue to conduct a thorough forensic evaluation of our systems.”

IndyStar first reported that the cyberattack resulted in all incoming ambulances being rerouted to other hospitals. The attack occurred at approximately 3:30 a.m. on August 4 and the ambulance diversions began at 7:51 a.m.

The diversions lasted at least through August 9, and the hospital was forced to cancel some elective procedures.

The health system shut down email and electronic medical records systems in order to ensure data security before going back online. The diversion did not impact patients who were actively being treated at Eskenazi Health, IndyStar reported.

“There is no evidence that any of our files were ever encrypted and we will not make any payment to the bad actors,” Eskenazi Health affirmed.  

“Our system worked as it should and the quick action by staff, in accordance with our information security protocols, enabled us to maintain the safety and integrity of our patient care.”

The health system notified the FBI of the cyberattack. There is no evidence that bank or credit card fraud occurred as a result of this incident, but the announcement warned patients and employees to keep a vigilant watch on their bank and credit card statements.

It often takes health systems a significant amount of time to recover from a ransomware attack. St. Joseph’s/Candler in Georgia just announced that it is back to being fully operational on August 20 after a ransomware attack that began in December 2020 and went undetected until June 17.

The attack impacted 1.4 individuals and forced the health system into EHR downtime. Providers were required to document clinical notes on pen and paper.

Healthcare ransomware attacks can be costly and pose risks to patient safety. Without access to electronic medical records, providers are unable to view patient history and treatment plans, which can result in delays and disruptions in care.

Health systems must remain cautious and maintain up-to-date cybersecurity practices to prepare for the all-too-common occurrence of a ransomware attack. The National Institute of Standards and Technology (NIST) recommends that organizations use antivirus software, patch all computers, restrict the use of personal devices on an organization’s network, and avoid clicking on links from unknown sources.