Florida Hospital Employee Largely Stops A Ransomware Attack In Its Tracks

I have been saying for years that you have to have more than tech to stop a ransomware attack. You have to have employees who are trained to spot an attack and do the right thing. And this CNN Story illustrates this:

The emergency room of Jackson Hospital, a 100-bed facility on Florida’s panhandle, called to report that it couldn’t connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading. The hospital shut down its computer systems on his advice.

“If we hadn’t stopped it, it probably would’ve spread out through the entire hospital,” Hussey said. Hospital staff ditched the electronic records and reverted to pen and paper to keep the hospital running and organized, he said, but patient care wasn’t disrupted.

As Hussey spoke to CNN Tuesday, the hospital’s IT systems were gradually coming online, and he was expecting phone calls from the FBI (which investigates hacking incidents) and Aon, a cybersecurity consultancy that Hussey said was supporting the recovery. He was trying to figure out if the hackers had stolen any hospital data, and if they might need to be paid off to get it back.

Now to be clear, he wasn’t 100 percent successful in stoping the attack, but it could have been far worse:

The emergency room’s charting system could be offline for the rest of the week, he said. (Doctors have been getting ER patient records from other parts of the hospital network). 

The entire hospital had to temporarily switch to what medical professionals call “downtime procedures” — contingency plans after Hussey’s team shut computers down. For several hours, things like physician notes and prescriptions for patients were processed by hand. 

The attackers also encrypted a computer server that Jackson Hospital uses to store non-critical organizational documents. Hussey was trying to figure out if there was anything in those files that contained data on Jackson patients and, if so, if the hospital should pay a ransom to get them back (he said he wasn’t aware of any ransom demand from the hackers).

Hopefully he doesn’t pay the scumbags a single dime as if there’s no profit in it, these hackers will move on to something else. And his method to get back online is one that other organizations should copy:

The recovery process at Jackson Hospital has been meticulous to ensure that malicious code isn’t lingering in some neglected part of the network. Hussey’s team went down the list of computer systems across the hospital, starting with the most critical, and made sure they weren’t infected with ransomware. They physically disconnected the hospital’s electronic health records system from the rest of the computer network to check them for malicious code before reconnecting to the system.

By Wednesday, hospital computers were back online except for the charting systems used by the ER.

Hussey said the decision to shut computer networks down may not be popular with some hospital staff, “but it’s better to be down a day than be down a month.” 

“Lock it down and piss people off,” Hussey, who has worked at Jackson for over 25 years, said in a Southern drawl. “It’s what you have to do just to secure your network.”

Agreed. This story highlights that all organizations need to be prepared for a ransomware attack. Be it with tech, and training. It may be the difference between a short term annoyance and a catastrophic event.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: