Erie County Medical Center officials say a virus that has shut down the hospital's entire computer network since early Sunday morning has not affected the care delivered to patients or nursing home residents.
The hospital has accepted all incoming patients and has moved ahead with all scheduled surgical procedures, said Peter Cutler, an ECMC spokesman. Hospital and nursing home staff have manually admitted patients, filled prescriptions and scheduled exams as technology staffers work to bring computer systems back online.
"Our goal is to have everything restored as quickly as possible," Cutler said.
Hospital officials still are not saying whether they are victims of "ransomware" – in which hackers shut down a computer system until the owner pays a ransom. The attack remains under investigation by the FBI and the State Police.
Asked how the virus entered ECMC's computer network, Cutler declined to comment. And asked directly whether the hospital has received a demand for payment, he also declined comment.
If this turns out to be a case of ransomware, ECMC would not be the first hospital, or local institution, to suffer such an attack.
Hospitals are frequent targets of ransomware, and Becker's Health IT and CIO Review in December reported 12 incidents from 2016.
In one of the more notable cases, hackers shut down the computer systems of Hollywood Presbyterian Medical Center in California and demanded a ransom paid in bitcoin. About two weeks later, the hospital gave in and paid the hackers the equivalent of $17,000.
Becker's list of ransomware attacks included hospitals in Germany, Canada, Texas and Virginia.
Hospitals may be victimized more often because they have so many employees engaged in so many different functions that it makes it easier for a hacker to find a soft entry point, or it could be a vulnerability in the type of software they employ, said Jeffrey J. McConnell, a professor and chair of the computer science department at Canisius College. Or, he said, hackers are drawn to the wealth of patient, financial and employee data that hospitals maintain.
"It may be we're seeing more and more hospitals being attacked because they're more likely to pay the ransom just to make sure they haven't lost the information," McConnell said.
Locally, in 2014, the City of Lockport paid a $500 ransom to a computer hacker who had gained access to the city’s police records and locked them down. And the Niagara County Health Department computer systems were hacked last year. The hacker demanded a ransom to unlock the computer, but system managers were able to restore the lost information from backed up data and never paid.
The FBI, in a statement last year, urged organizations not to pay ransoms in these cases because there was no guarantee the hackers would give back full access to the data after receiving the payments.
From the outside, the ECMC case appears to be an attack by hackers, McConnell said. If this were a straightforward infection of the system, IT staffers would have been able to start securing the network and bringing it back online a lot sooner, he said.
"It looks suspiciously like it's more than just your run-of-the-mill virus," McConnell said.
Investigators are likely trying to find out what type of attack they're dealing with and, if it's a case of hackers stealing and encrypting ECMC's data, whether there is a way to circumvent the encryption to restore the data without ECMC having to pay a ransom, McConnell said.
Some of that will depend on how frequently and how extensively the hospital backs up its data, such as whether that process takes place overnight or is performed up to the second, he said. Cutler said all of ECMC's data is backed up, and the hospital doesn't believe any data is lost.
ECMC said it has spent the past several days since Sunday adapting to serving its patients and its nursing home residents without access to computer records or systems.
A virus knocked out the computer system sometime between 2:30 a.m. and 3 a.m. Sunday, according to the hospital. The hospital's information technology team has worked with GreyCastle Security, an outside consultant, and with State Police cybersecurity investigators and the FBI to figure out what happened, Cutler said.
As IT staffers work on recovery and restoration, physicians, nurses and other employees are using paper records to conduct the business of the hospital. It may be more time-consuming but, Cutler said, the hospital's operations and the delivery of care to patients haven't suffered.
The hospital is following training that it puts in place to use in case of a power outage, he said.
Richard Canazzi, president of AFSCME Local 1095, which represents between 650 and 700 employees at the hospital and its Terrace View Long-Term Care Facility, said workers he has spoken to in the past few days aren't concerned about the effect of the computer shutdown on patients.
"It's probably an inconvenience more than anything," he said.
Before taking his union position, Canazzi worked in the hospital pharmacy, at a time when prescription orders were received on paper and entered into computers. So he said the loss of the network shouldn't be too much of an adjustment for veteran employees in the department.