A special statement from Cass Regional
Update - July 16
Cass Regional Medical Center brought its EHR (electronic health record) back online today for the first time since a July 9 ransomware attack on the organization’s information technology infrastructure prompted a precautionary shut down of the EHR.
“After consulting with our EHR vendor, we determined that any immediate threat that may have been present as a result of last week’s attack was mitigated, and that it was in the best interest of our patients to go ahead and bring the system back up,” said Chris Lang, CEO.
Now that use of the EHR has resumed, Cass Regional is no longer on ambulance diversion for trauma and stroke patients.
A third-party cyber forensic firm has nearly completed its investigation into the attack. Evidence gathered by the firm indicates that the system breach was caused by a brute-force attack via Remote Desktop Protocol (RDP).
“RDP is a widely-used interface that allows remote access to systems for legitimate business purposes,” Lang said. “Unfortunately, the attackers were able to exploit this feature and gain access. We have since modified our systems to eliminate this risk.”
“Again, we deeply appreciate the support that our community has given us this past week,” Lang added. “We are glad to resume normal operations and focus all our energies on taking care of our patients.”
Update - July 13
Cass Regional Medical Center continues to await complete forensic results following the July 9 ransomware attack on its information technology infrastructure.
“The investigation is ongoing,” said Chris Lang, CEO. “We now have an idea of how the attack occurred, but are waiting until the investigation is complete before releasing further details.”
Most computer systems at Cass Regional are operational; however, the organization’s leaders, in consultation with Cass Regional’s electronic health record (EHR) vendor, have decided to keep the EHR system offline until more information is known about the attack. Cass Regional will continue to be on ambulance diversion for trauma and stroke patients until the EHR is in use.
Update - July 11
Cass Regional Medical Center continues to make significant progress in recovering from the July 9 ransomware attack on its information technology infrastructure.
“We are approximately 90% of the way through the recovery process,” said Chris Lang, CEO. “Most of our systems are back up and running.”
Cass Regional’s electronic health record (EHR) will remain offline until third-party cyber forensic experts complete their investigation. Results of the investigation thus far indicate that the virus is no longer present on the organization’s systems. Hospital leaders anticipate that the EHR will be back online within 24 to 48 hours, and indicated that Cass Regional will continue to be on ambulance diversion for trauma and stroke patients until the EHR is in use.
Update - July 10
Cass Regional Medical Center continued recovery efforts today following the July 9 ransomware attack on its information technology infrastructure. Working with an international cyber forensics firm, the organization began decryption of affected systems and files early this morning. Restoration is now estimated to be 50% complete.
Cass Regional continues to be on ambulance diversion for trauma and stroke patients as a precautionary measure. Despite the disruption caused by the attack, the organization has been able to continue providing inpatient, outpatient, emergency and primary care services.
“I am extremely proud of our staff for the manner in which they have rallied to make sure we can still take the very best care of our patients,” said Chris Lang, CEO. “It has not been easy, but their dedication and can-do attitude is inspiring.”
The hospital’s electronic health record (EHR) is still offline pending a thorough investigation of the attack by third-party cyber forensics experts in order to ensure that no protected health information has been compromised. Hospital leaders anticipate that the EHR will be brought back online within 72 hours.
“We deeply appreciate the patience and support that our community has shown during this challenging time,” Lang said. “We look forward to resuming normal operations and continuing our mission to meet the health care needs of area residents.”
At approximately 11 a.m. this morning, Cass Regional Medical Center became aware of a ransomware attack on its information technology infrastructure. Affected areas include internal communication systems and access to the organization’s electronic health record (EHR). At this time, there is no evidence that patient data has been breached, but as an extra precaution, Meditech, the hospital’s EHR vendor, has opted to shut down the system until the attack is resolved.
Hospital leadership initiated the organization's incident response protocol within 30 minutes of the first signs of attack. Patient care managers met to develop detailed plans to ensure that patient care continued to be provided in a safe and effective manner, while information technology and senior leaders are working with law enforcement and cybersecurity experts to develop a quick resolution to the situation.
"Our primary focus continues to be on our patients, and meeting our mission to provide health care services to our community," said Chris Lang, CEO. "We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations."
In the meantime, the hospital continues to evaluate its capabilities in relation to this attack. This afternoon, as an additional precautionary measure, clinical leaders at Cass Regional decided to go on ambulance diversion for trauma and stroke in order to ensure optimal care for those patients. Hospital personnel will continue to evaluate the situation and respond accordingly.