Ransomware Attack Shuts down Cass Regional Medical Center EHR Provisionally

July 17, 2018


Cass Regional Medical Center in Harrisonville, MO suffered a ransomware attack at about 11 am on Monday, July 9 that stuck its communication system and prevented workforce from logging onto its electronic health record (EHR) system.

The health center had processes in place for such a crisis situation. Its incident response procedure was kicked off within half an hour of the discovery of the attack and workforce met to develop comprehensive plans to alleviate the effect on patients.

Ransomware attacks usually don’t involve the hackers gaining access to data, even though as a preventative measure, designated EHR seller Meditech shut down the EHR system while the attack was studied and remediated. As of yet, no proof has been found to indicate patient data have been obtained.

As an additional preventive measure, ambulances for trauma and stroke have been redirected to other medical facilities. Without access to the EHR system, workforce used pen and paper while its IT workforce worked to decrypt data and get its systems back to working levels. A prominent international forensics firm was hired to help with the remediation of the attack and on July 10, one day after the attack, about half of the encrypted files had been reestablished.

The range of ransomware used in the attack has not been disclosed and it is presently unclear precisely how the ransomware was positioned on its systems. It is unknown whether the ransom demand was met in order to get the keys to open the encryption or if files are being recovered from standbys.

The EHR system is still disconnected while the inquiry into the safety breach is being finished. The third-party forensics company will determine whether any patient data was gotten by the hackers before the system being brought back online. Cass Regional Medical Center is optimistic that the system will be brought back online within 72 hours. So far, trauma and stroke patients are still being diverted to other medical centers.

The prompt reaction to the attack and the negligible interruption to medical facilities highlights just how vital it is to arrange for ransomware attacks and to develop incident reaction processes that can be put in place as soon as an attack is discovered. Without such strategies in place, significant time can be lost at the most critical phase of the incident reaction procedure.

Chris Lang, CEO, in a post on the Cass Regional Medical Center Facebook page, said: “I am really proud of our workforce for the way in which they have united to make certain we can still take the very best precaution of our patients. It has not been easy, however, their devotion and can-do approach are motivating.”