A ransomware attack deployed against OakBend Medical Center on Sept. 1 caused communication issues and IT disruptions. The Texas hospital is operating under electronic health record downtime procedures as it works to rebuild, according to an update on its website.
Upon discovering the encrypted files and subsequent ransom demand, OakBend’s IT immediately took all systems offline and placed its systems in “lockdown mode,” per hospital protocols. Officials stressed that “at no time was patient safety ever in jeopardy.” The IT team and chief financial officer then secured all patient-centric systems.
The hospital turned over the ransomware investigation to “a team consisting of the FBI, CYD, and the Ft. Bend County Government Cyberteam.”
Notably, the website posting shows OakBend is rebuilding its systems after receiving clearance from Microsoft, Dell, Malware Protects, and its IT staff. Officials explained that “rebuilding the system may cause temporary communication issues for patients, vendors, doctors, and administrators.”
The update released on Sept. 9 shows that OakBend is still working to bring its clinical systems back online “in a controlled, systemic environment” and is facing continued telephone and email issues. The hospital is leveraging an exterior phone line dedicated to voicemail, which is then transcribed.
A report from DataBreaches.net shows the Daixin ransomware group is claiming responsibility for the attack.
The incident at OakBend joins an estimated 55 other ransomware attacks deployed against U.S. healthcare entities this year, according to RedSense Intelligence Operations estimates. Several lawmakers recently requested an urgent meeting to determine how the health sector is fighting off the threat of ransomware and what help is needed to support defense.
Currently, a French hospital and the U.K. National Health Service are facing similar outages. Reports show NHS is facing an uphill battle in recovering its systems, with some estimates saying the disruptions may last for a year.
To industry stakeholders, these attacks should renew efforts to update cyber response plans to prevent major disruptions to care operations and impacts to patient safety. That begins with determining the most mission-critical business processes and determining alternative measures to maintain services in the event of disruptions.