Six Weeks Later, New York’s Samaritan Health Still Recovering From Malware Attack

The Watertown, N.Y.-based Samaritan Health is still working to restore its computer system after taking it offline on July 25 due to security concerns involving malware.

Officials of the Northern New York 290-bed hospital stated that “Steady progress has been made as we restore our systems and network slowly and methodically to ensure a thorough and safe process.” Over the last six weeks, the hospital has not disclosed much information about the incident itself, but local media reports at the time noted that Samaritan had to resort to using paper for documentation.

Then on Aug. 19, the hospital publicly stated that it had restored its primary hospital electronic medical records (EMR) application, accounting, and payroll systems. The restoration of the hospital EMR will enable hospital staff to resume regular processes for electronic patient registration, hospital scheduling, as well as patient records utilization, officials said on that date, adding that hospital patient records recorded manually while the hospital operated on down-time procedures would be digitally entered into the EMR.

In the most recent Sept. 7 update, officials said that in addition to the primary hospital EMR, the following systems and applications have been restored and are now fully operational: the behavioral health/addictions EMR and scheduling; the long-term care EMR; accounting and payroll applications; and other ancillary patient care systems.

However, the organization’s IT team and third-party computer forensic professionals continue to work to restore the following systems at several clinical locations, including all primary care practices affiliated with the system.

Samaritan clinicians are still seeing patients at locations where the computer system hasn't been restored, and is advising patients to bring their most recent medication lists and any pertinent medical updates. What’s more, Samaritan’s online portals and smartphone applications are still not operational.

According to an Aug. 20 report in CyberScoop, there was no evidence that patient data had been compromised and it’s unclear who was responsible for the attack.