It was the last day of the last weekend of the month of November, East Ohio Regional Hospital in Harper’s Ferry, Ohio, and Ohio Valley Medical Centre in Wheeling, West Virginia both were caught to be in ransomware affect. This incidence affects the whole day process in the hospital; ambulance patients were transported to other hospitals nearby and emergency room admissions were only available for walk-up patients.
Quick response by employees
Karin Janiszewski, director of marketing and public relations for EORH and OVMC stated on the day after the incident was happened:
“There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. We have redundant security, so the attack was able to get through the first layer but not the second layer.”
As he mentioned, hospitals quickly reacted to that incidence, that’s why, the attackers could not succeed in their plan. Full credit goes to the employees who soon started doing offline activities and were switch to paper charting to ensure patient data protection.
Malware attacks increases on health organizations
In the US, it has become common thing that huge organizations, especially healthcare industry are found to be victims of data breaches and malware attacks.
In year 2016, such a ransomware attacks was happened on Hollywood Presbyterian Hospital, where the attackers locked all the data and demand ransom amount in the Bitcoin for the retrieval of the files.
Kansas Hospital was the evidence of another ransomware attack, when their all data were encrypted. Unfortunately, even after the payment was made, attackers disappeared ignoring the promise to decrypt the locked files.
Previous year, Indian based hospital got infected by SamSam ransomware, due to which the hospital decided to pay 4 BTC ($45 000 at that time) to get the decryption key. This time developers gave what they promised.
IT staff steps towards the outbreak to avoid a data breach
This attack on Ohio hospital, however, does not lead to data breach. When the incident happened, all the employees are ready to do offline activities until the downtime is over. IT team took several computers offline, and due to their effort the situation was handled quick enough to prevent having the sensitive data being compromised.