Ohio-based Kettering Health announced this past Friday that it had stepped up an emergency urgent clinical support line and temporary retail pharmacy contact numbers to ensure care continuity during a system-wide IT outage.
The health system also said on social media over the weekend that patients are back in radiation treatment thanks to the commitment of its technical and clinical staff.
WHY IT MATTERS
The network cyberattack on Kettering that started May 20 limited access to patient care, resulting in the cancellation of elective surgeries, and shut down its call center and text messaging services.
While emergency rooms and clinics remained open across its 14 medical centers and more than 120 outpatient facilities, other local hospitals were called upon to provide critical patient care.
"We want to publicly express our appreciation to the network of Greater Dayton and northern Cincinnati hospitals and health systems, particularly Dayton Children’s and Premier Health, as they have partnered with us to care for the community during this time," Kettering 's CEO Mike Gentry said in a statement Friday on the health system's tech outage update page.
On Monday, Cincinnati NBC's affiliate, WLWT5, reported that the health system's patient portal was not affected by the incident.
"What we know right now is that apps such as My Chart and those things have not been impacted," John Weimer, senior vice president and leader for incident command at Kettering Health, said in the story. "Internally, we are working to still understand with our partners if we had employee or patient information compromised."
Weimer also confirmed that the attackers posted a message visible across Kettering's network, giving the organization 72 hours to contact and negotiate a ransom payment. Previously, CNN reported the ransomware note led to an extortion the Interlock ransomware gang's extortion site.
"Throughout our thousands of computers, there [were] pop-up messages that speak to some demands, but there's been no direct conversation with us as of yet that I'm aware of," he reportedly said.
Kettering pledged to focus on swiftly restoring systems. On Monday, the health system posted a video to its social media that featured its radiation oncology technology coming back online to treat patients.
"What usually takes weeks to come back online was back in just five days," according to the video.
"We are now treating patients who had active radiotherapy plans again," Dr. Anthony Paravati said in the video. He then credited the staff for their sacrifices working through the Memorial Day holiday weekend to get systems up and running and to use them to provide patients with life-saving treatment.
The day and time of appointments do not matter to care providers, added Sarah Macke, a radiation oncologist. "We are here for them no matter what."
Christopher Wennerstrom, a technical physicist at Kettering, called it an "amazing feat" to see the linear accelerators back online in the short timeframe.
THE LARGER TREND
Kettering not only faced a ransomware attack that began the morning of May 20, but also confirmed by the end of the day that a phone scam quickly targeted its patients directly.
Persons claiming to be team members were asking for credit card numbers to pay outstanding medical bills. As a result, the health system said it had halted certain billing activities until further notice.
Considered and investigated as threat-to-life crimes, expediting recovery from healthcare cyberattacks is critical to patient safety, John Riggi, national advisor for cybersecurity and risk for the American Hospital Association, told Healthcare IT News.
"You are going to have to make a battlefield call without all the facts, under duress, under time constraints, in the face of an adversary who will change course based on what you do," he said.
When a hospital is shut down by ransomware, neighboring hospitals are also strained.
"We need to plan regionally for highly disruptive ransomware attacks that will have a regional impact," he said. "We have seen it over and over."
Riggi advised leveraging resources like mutual aid agreements to address business and clinical continuity when a cyberattack threatens three to four weeks of downtime.
ON THE RECORD
"At the end of the day, it's about lives," Dr. Matthew Knecht said in Kettering's social media video announcement. "You don't want it to be [the patient's] problem at the end of the day. It's still our problem. And we found a way to make that happen."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
English (US) ·