Date: 2022-05-22
After a cyberattack late last month, Yuma Regional Medical Center is returning to normal operations.
The organization, which includes the main hospital campus in Yuma and several facilities across the county, shut down all network systems on April 25 after a ransomware attack.
During a ransomware attack, an individual or organization gains access to a computer network and deploys malicious software, sometimes through email, to block access to data or computers until a ransom fee is paid.
When YRMC first detected the cyberattack, the hospital shut down all network systems and activated security and business continuity procedures. All departments, including patient care teams, switched to downtime procedures, which meant doing everything manually, including handwritten charts and paper prescriptions.
The attack also brought down electronic records, the MyCare patient portal, the email system and the telephone network. In some instances, the hospital plugged in and used analog phones.
The attack also disrupted appointments and procedures, with many of them canceled and rescheduled.
The disruption sparked concern among patients, with several reaching out to the Yuma Sun. Glen Vandervoort was among those who shared his and his wife’s story. On April 26, his wife walked into the cancer center for scheduled routine blood work “and was told they weren’t taking care of anyone, to leave.”
The next morning she had chemotherapy scheduled, and though they did not hear from the hospital, “we knew it was canceled due to no blood analysis.” This led to a “cascade of cancellations” of follow-up treatments and appointments, Glen said.
When the Vandervoorts heard back from YRMC, she asked about a related CT scan scheduled for May 2 and was told to call back that morning. She called at the designated time and was told to call back later that day. She called again and was told they would call back later that day.
On May 5, Glen said, “My wife has called and been told different things, but nothing scheduled – she has been cut off, promised return calls and none made … It is impossible to log into the YRMC MyCare site or app to communicate with her care team. The center does not respond or reach out.”
They felt frustrated because “she needs to know the status of her life-threatening disease and to keep treatment current,” Glen said.
On May 10, Glen noted that his wife’s schedule had restarted and “is going mostly normal.” He reported that “the check-in procedure has been rearranged, and by the parking lot and the chairs, you can tell they are backlogged.”
However, the MyCare patient portal was still not working at that time. “With her schedule, I often check it daily as it changes often and we have to go to different buildings, a very useful tool,” Glen said on May 17. (A Yuma Sun reporter was able to access the portal on Saturday.)
About a month after the attack, YRMC care providers are seeing patients as normal, all canceled appointments have been rescheduled, and the organization is no longer using downtime procedures to conduct operations, the organization said in a statement to the Yuma Sun.
YRMC acknowledged the frustration experienced by patients due to the disruption of their healthcare. “We are aware that in some cases this incident created difficulties for patients, families and care providers. Continuity of care and seamless patient experiences are our top priorities, and as a result of our downtime procedures, we continued to provide quality healthcare to our community,” said Shay Andres, director of marketing.
“Nevertheless, we understand that any disruption to healthcare services can be stressful, and we apologize for any additional complications this incident created for our patients and their families,” she added.
REBOOTING SYSTEM A LENGTHY PROCESS
“Unfortunately, ransomware incidents can be particularly disruptive, and the remediation and restoration processes take time. We have been going through those processes with careful precision and working with third-party experts to ensure all of our systems were deemed safe before bringing them back online,” Andres told the Yuma Sun.
As of the third quarter of 2021, the average length of interruption after ransomware attacks on businesses and organizations in the United States was 22 days, according to statista.com.
The process of rebooting a downed network is lengthy. Jamie Hussey, information technology director of Jackson Hospital, a Florida facility attacked earlier this year, described the process to CNN as meticulous to ensure that malicious code isn’t lingering in part of the network. It means analyzing every single computer system across the hospital to make sure they aren’t still infected, he noted.
As ransomware incidents targeting medical facilities become increasingly common, Andres said that YRMC is “working diligently to further enhance our cybersecurity defenses to help minimize the likelihood of another incident occurring in the future.”
Machele Headington, YRMC vice president of marketing and communications, previously noted that patient information had not been exposed. “We have been able to protect our patient information, so that’s all been working and functioning the way that it should.”
This week, Andres told the Yuma Sun: “At YRMC, our patients are our top priority, and we are very grateful for the support, patience and understanding we have received from them and from our community throughout this incident.
“We are looking forward to continuing to serve our community and are committed to the care of our patients and the wellbeing of their families – as well as further bolstering our relationship with our community,” Andres added.
CYBERCRIMINALS TARGET HEALTHCARE
YRMC is not alone in facing a ransomware attack. According to the Federal Bureau of Investigation, at least 148 healthcare organizations suffered ransomware attacks in 2021. The FBI Internet Crime Complaint Center anticipates an increase in ransomware attacks in 2022, as reported by the HIPAA Journal.
Kaiser Health News reported that hospitals and healthcare organizations across the U.S. have increasingly faced cyberattacks, interrupting care and putting patients at risk.
“Hospitals have been hit pretty hard with high-impact ransomware attacks during the pandemic,” John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association, told the publication.
A 2021 survey of 597 health delivery organizations indicated that 42% had faced two ransomware attacks in the past couple of years, according to securityintelligence.com.
In another article published by the American Hospital Association, Riggi noted that most cyberattacks on healthcare facilities today are not carried out by domestic, individual hackers. The vast majority of cyber criminals operate from outside the United States, often in nations that do not cooperate with or extradite criminals.
Riggi also noted that ransomware attacks on hospitals are “not white collar crimes, they are threat-to-life crimes because they directly threaten a hospital’s ability to provide patient care, which puts patient safety at risk.” He likened ransomware attacks that cause hospitals to suspend patient care operations to mass-casualty terrorist attacks. He believes the effort to protect hospitals and patients must involve law enforcement, legislative, military and intelligence assets in their defense.
YRMC previously said that it was working with cybercrime agencies but did not disclose further details, including whether it had paid the ransom fee.