Ransomware Attack Shuts down Cass Regional Medical Center EHR Temporarily

Cass Regional Medical Center in Harrisonville, MO suffered a ransomware attack at Around 11am on Monday July 9 that impacted its communication system and stopped staff from logging onto its electronic medical record (EHR) system.

The clinic had measures in place for such an emergency situation. Its incident response protocol was kicked off within half an hour of the discovery of the attack and staff met to develop detailed plans to mitigate the affect on patients.

Ransomware attacks normally do not involve the haackers gaining access to data, although as a precautionary measure, designated EHR vendor Meditech closed off shut down the EHR system while the attack was reviewed and remediated. As of yet no evidence has been found to suggest patient data have been obtained.

As an additional precautionary step, ambulances for trauma and stroke have been redirected to other medical centers. Without access to the EHR system, staff used pen and paper while its IT staff worked to decrypt data and bring its systems back to operational levels. A leading international forensics company washired to assist with the remediation of the attack and on July 10, one day after the attack, around half of the encrypted files had been restored.

The variety of ransomware used in the attack has not been revealed and it is currently unclear exactly how the ransomware was placed on its systems. It is unknown whether the ransom demand was met in order to obtain the keys to unlock the encryption or if files are being recovered from backups.

The EHR system is still offline while the investigation into the security breach is being completed. The third-party forensics firm will deduce whether any patient data was obtained by the hackers prior to the system being brought back online. Cass Regional Medical Center is hopeful that the system will be brought back online within 72 hours. So far, trauma and stroke patients are still being diverted to other medical centers.

The swift response to the attack and the minimal disruption to medical services emphasizes just how votal it is to plan for ransomware attacks and to develop incident response procedures that can be put in place as soon as an attack is discoveredd. Without such plans in place, important time can be lost at the most critical stage of the incident response process.

Chris Lang, CEO, in a post on the Cass Regional Medical Center Facebook page said: “I am extremely proud of our staff for the manner in which they have rallied to make sure we can still take the very best care of our patients. It has not been easy, but their dedication and can-do attitude is inspiring.”