Erie County Medical Center (ECMC), based in Buffalo, N.Y., and its long-term care facility have been hit with a computer virus that has shut down the electronic health record (EHR) system and staff have reverted to documenting on paper, according to a report by The Buffalo News. There is also speculation that the computer virus may be ransomware, but, according to media reports, hospital officials have not confirmed, or denied, the presence of ransomware.
According to Buffalo News reporters Dale Anderson and Stephen T. Watson, in a story posted April 10th, the virus shut down the entire computer system at ECMC between 2:30 and 3 a.m. on Sunday, which also affected ECMC’s Long-Term Care at Terrace View facility.
The FBI and State Police are investigating the incident, a hospital official said on Monday, according to the news story.
“Shortly after discovering the virus, the hospital reached out to State Police cybersecurity investigators, who brought in their counterparts from the FBI. The hospital also has its own technology staff plus GreyCastle Security, a private consultant, working on the problem,” Anderson and Watson wrote.
The computer system has been offline since Sunday, and media reports quoted hospital officials as stating that they expected patient data to be accessible again by today (Thursday).
Hospital executives would not comment on whether the virus was ransomware, according to reporting from The Buffalo News. However, WGRZ, a TV station based in Buffalo, has reported today that two sources said that the virus that took down the computer system was the result of ransomware. WGRZ reporter Michael Wooten wrote, “For days, many experts have speculated that ransomware was to blame, based on the hospital's response, the length of time it's taken to repair the system and other factors. Ransomware is when hackers get into a computer system and demand money. One source said the ransom at ECMC was in the tens of thousands of dollars.”
The Buffalo News article reported that the hospital said all patient records, financial data and human resources records are backed up, so officials are not concerned about losing that data. “But all patient admissions, prescription writing, and other such activities are being done manually while ECMC's information technology department tries to bring their computer systems back online,” the reporters wrote.
That article also quoted ECMC spokesman Peter Cutler as stating on Monday evening, “The hospital has a well-planned and prescribed back-up process in event of a situation like this. What it has done is everything's more labor-intensive because everything has to be done manually." And, the article also quoted Cutler as saying that the shutdown affects desktop computers and access to the hospital's data systems, however, laptops were distributed so that staff could do some of its work and communication via WiFi.
In a prepared statement released Sunday and published by The Buffalo News, the hospital said: “ECMC's computer system today went down. The hospital's IT team immediately commenced a thorough assessment and analysis of the situation. Our priority is maintaining patient safety and quality services. All hospital operations are continuing as normal and have not been interrupted. The hospital's email system, however, is not functioning, so all inquiries should be directed to 898-5500.”
And, hospitals officials have said that the computer system going offline has not affected the care delivered to patients or nursing home residents.
