Two US Hospitals Hit with Ransomware

Written by

A pair of hospitals owned by Ohio Valley Health Services and Education Corp. are struggling to fully recover from last week's ransomware attack that left both facilities unable to accept emergency transport patients, according to WV News. As a result, emergency squads redirected patients to other area hospitals after learning of the full redirect at both East Ohio Regional Hospital (EORH) in Wheeling, West Virginia, and Ohio Valley Medical Center (OVMC) in Martins Ferry, Ohio.

On November 23, Karin Janiszewski, director of marketing and public relations for EORH and OVMC told The Times Leader, “At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients by walk-in." Daniel Dunmyer, CEO of OVMC, added, “The OVMC-EORH employees and medical staff have been very adaptive and supportive and we are able to continue with quality patient care.”

Though patient records reportedly remain secure, both hospitals experienced downtime. The hospitals’ IT team took multiple computer systems offline, resulting in the two facilities having to revert to paper charting systems. When the attack struck on Friday evening, it was anticipated that the issue would be resolved by Sunday; however, as of reporting time, no updates have been issued.

The extent of ransomware’s impact is often much larger than an organization’s ability to access its systems, especially for hospitals. “The demanded ransom amounts often pale in comparison to the collateral damage and downtime costs they cause,” said Justin Des Lauriers, technical project manager, Exabeam.

“The ideal case would be to detect and stop ransomware before an infection occurs. Unfortunately, this insidious software is almost always detected after the damage has already occurred – it having reached the ‘payday’ stage of the Ransomware Kill Chain (where the hacker demands ransom).”

Janiszewski also noted that the hospitals have redundant security, but often with ransomware, prevention plans aren’t enough, according to Gijsbert Janssen van Doorn, technology evangelist, Zerto.

“Attacks build in frequency and strength, causing irreparable harm to brand reputation and increasing risk,” Janssen van Doorn said. “Instead, organizations need to invest and create more dynamic, modern approaches to business continuity and disaster recovery (DR). Full IT resilience plans, including backup, disaster recovery and cloud mobility, are key to this and enable organizations to withstand both planned and unplanned disruptions. Being able to easily and quickly recover data and computer systems would help hospitals, like those in Ohio and West Virginia, ensure they can offer patients the lifesaving care they need no matter what.”

What’s hot on Infosecurity Magazine?