Geneva, NY-based Finger Lakes Health has been hit by a ransomware attack that has impacted its computer system. Employees have been forced to work on pen and paper while the health system tries to remove the malware and restore access to electronic data.
The ransomware attack on the health organisation began at around midnight on Sunday March 18, 2018, with employees becoming aware of the attack when a ransom demand was issued by the hackers.
Finger Lakes Health manages Geneva General Hospital and Soldiers & Sailors Memorial Hospital in Pen Yan and several specialty care practices, primary care physician practices, long-term health centers, and day care clinics in upstate New York. It is not clear exactly how many health centers have been affected by the ransomware attack.
Finger Lakes Health has put in place emergency procedures for attack scenarios such as this, which were immediately adapted when the attack was identified. On March 20, the health system released a statement to local media channels about the attack outlining that while some of its information systems were inaccessible, its manual downtime protocol had been put in place and its hospitals and care facilities were still functioning. Such an attack will clearly have an impact on the provision of medical services, although patient care is still the main priority while the ransomware attack is managed.
Finger Lakes Health is working alongside law enforcement agencies and IT teams to restore access to data and bring its systems back to full functionality. Currently it appears that the hackers have only encrypted data. There is no proof to suggest that any patient or employee information has been accessed.
No details on the type of ransomware used in the ransomware attack has been issued and it is not clear exactly how much was requested by the hackers to supply the keys to unlock the encryption, although Finger Lakes Health’s vice president of community services, Lara Turbide, has stated that the ransom was paid. She said: “We made this decision in the interest of patient and resident care to minimize patient inconvenience and to move past this incident as quickly as possible”.