Ransomware Attack on Cass Regional Medical Center Shuts Down EHR System

Cass Regional Medical Center in Harrisonville, MO has announced it suffered a ransomware attack at 11 am on July 9, 2018. The attack affected its communication system and employees were prevented from accessing its electronic medical record (EHR) system. Because the medical center had developed incident response policies prior to the attack, prompt action could be taken in response to the security breach. The emergency response protocol was implemented 30 minutes after the ransomware attack was discovered and hospital staff were called into a meeting to make plans that would enable them to minimize the impact on patient care.

Typically, attackers do not gain access to healthcare data during ransomware attacks. But as a safety precaution, Meditech, the EHR vendor, shut down the EHR system. The EHR system will remain offline while the incident is investigated and the ransomware is removed. At this point, no evidence of data access has been found.

While medical services continue to be provided to patients, as an additional precaution, ambulances for trauma and stroke patients were rerouted to other healthcare facilities. Because the EHR system is down, medical staff are using pen and paper to record patient information. IT staff are currently restoring files with assistance provided by an international computer forensics firm. On July 10, about 50% of the files had been restored. At this stage it is unclear what variant of ransomware was used in the attack and whether the ransom was paid.

The EHR system system is still offline and will not be brought back online until the third-party forensics company has confirmed whether patient data was improperly accessed. It is expected that the system will be restored within 72 hours.

Cass Regional Medical Center was able to respond quickly to the attack and limit harm as incident response procedures had been developed specifically for this type of attack. Without those procedures in place, an incident such as this could cause valuable time to be lost responding to the attack, which would naturally have a negative impact on patient care.