The Erie County Medical Center computer shutdown that began Sunday has started to affect patient operations, a hospital official said, but ECMC expects to start bringing its computer system back online Thursday. The shutdown followed the detection of a virus Sunday that hospital officials still decline to confirm as a ransomware attack.
The loss of the computer network has forced ECMC to reschedule some elective surgeries, spokesman Peter K. Cutler said Wednesday, one day after telling The News the shutdown had no effect on procedures at the hospital.
ECMC and its Terrace View Long-Term Care Facility should have full access to its electronic patient records restored by Thursday, including patient admissions and registration, Cutler said. Further operations will come back online starting Saturday, Cutler said.
"It's a huge victory," Cutler said. "All kudos to our IT and clinical staffs."
State Police and the FBI have aided hospital staff in investigating the incident. ECMC officials continue to remain mute on the cause of the computer shutdown, including whether this is a ransomware attack carried out by hackers who encrypt data and demand payment in return for unlocking it.
Cutler said ECMC's website should be accessible as soon as tonight. The hospital hopes that its employees' computers will be usable by Saturday and that its computer systems that handle electronic lab orders and physicians' and nurses' orders also will be up and running, although the lab system could take longer, Cutler said.
Cutler said medical staff informed him the painstaking process of conducting tasks manually has slowed down operations to the point that officials decided to reschedule some non-essential surgeries in order to avoid delaying essential or emergency procedures.
"It's triaging to determine what has to be done based on the circumstances around a particular surgery," Cutler said. "But it's not affecting our ability to deliver the services that are necessary and vital to the patients that we're serving."
However, he said most operations are unaffected because physicians, nurses and other staff have adapted to working without access to the hospital's and the nursing home's computer systems. Medication orders, for example, may have taken longer than previously but they have been performed accurately, Cutler said.
"As this process continues, it poses new challenges, and we have to address them based on our commitment to maintaining patient safety," Cutler said.
The virus appears to be limited to the hospital. The county's Public Health Lab and Medical Examiner's Office, also located on the ECMC campus, are both unaffected, said Peter Anderson, a spokesman for Erie County Executive Mark Poloncarz. He added that because the hospital is a separate public benefit corporation, the hospital is independently run and not under county oversight.
ECMC is keeping information about the computer shutdown close to its vest. Hospital officials have not shared details on the incident with members of the ECMC board of directors, said Frank B. Mesiah, a board member.
Mesiah said he appreciates that hospital information technology staffers are trying to figure out what they're dealing with before they approach the board with a full set of facts and options for a decision.
"I'm not comfortable until I hear exactly what it is, so that as board members we can take specific steps to deal with that virus or whatever it is," Mesiah said.
State Police Capt. James Hall of the Bureau of Criminal Investigation in Batavia, whose computer crimes investigators are working with FBI and ECMC staffers on the probe of the incident, declined to comment on whether this is a case of ransomware and referred further questions to Cutler. The FBI also has referred a reporter's questions to ECMC officials.
Kaleida Health, which is part of the Great Lakes Health System with ECMC and the University at Buffalo, has contributed IT employees to work on the computer shutdown since the weekend, said Michael P. Hughes, a Kaleida Health spokesman. Catholic Health System also has contributed information technology resources, including staff, to ECMC to respond to the virus.
"We're working as hard as we can to help them get up to full functionality," Hughes said. "And at this point, it's less about what caused it and more about bringing back their systems."
David Newell, CEO of Loptr LLC of East Aurora, has extensive experience working with companies on cybersecurity issues. ECMC is not a client of his, and he said it's impossible to know from the outside whether this is a case of ransomware.
But, speaking generally, he said an institution dealing with ransomware would go through several phases of investigating the incident, trying to contain the damage to their system and then recovering any lost data.
Institutions typically shut down a wider swath of their computer system, or web server, beyond what was compromised by the ransomware virus to try to contain the attack, Newell said. Cutler confirmed it was ECMC's IT staff, and not the virus, that shut down the computer system.
The fact that ECMC is starting to bring its system back online, Newell said, "I would say, broadly, what this means is they've contained the situation."
However, Newell said it does not indicate one way or another whether ECMC has paid a ransom. Newell said companies have to make a risk analysis when deciding whether to pay hackers, something that is typically done via bitcoin, the online currency that is hard to trace.
"You're looking at it as a business decision," Newell said.
News Staff Reporter Sandra Tan contributed to this report.