Malware, Ransomware

Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack

A ransomware attack against Georgia-based St. Joseph’s/Candler on June 17 spurred network outages and forced clinicians into EHR downtime procedures. Five days later, the workforce is continuing to use paper records for patient appointments.

St. Joseph’s/Candler is one of the largest health systems in the state, with two hospitals, home health care services, and specialized outpatient and inpatient care.

The initial cyberattack struck early Thursday morning, arising as suspicious activity on the network. As a precaution, the IT team took steps to isolate the impacted system and limit the spread of the attack.

An investigation was launched alongside the recovery efforts, and law enforcement was notified. Officials later confirmed ransomware was behind the outage, but declined to comment on the ransom amount or if a payment was made.

In the immediate wake of the attack, patients reported emergency room wait times of up to eight hours.

“While we continue to investigate the incident, we’re working to get systems up and running as quickly and as safely as possible,” Scott Larson, St. Joseph’s/Candler spokesman said in a statement on June 21.

“Our priority is patient care, and our staff are committed to doing everything they can to mitigate disruption and provide uninterrupted care to our patients,” he added.

The health system has remained open primarily thanks to previously established downtime procedures, for which the workforce received training prior the attack. The processes are designed for system upgrades or unforeseen circumstances that could cause network outages.

As such, scheduled appointments have continued for the majority of patients, outside of those receiving oncology care. Patients with chemotherapy and radiation needs have been asked to contact their provider to determine the status of previously scheduled appointments.

Local news outlets show patients are concerned with the paper processes nurses are using amid the outage, such as tracking medications by hand. Clinicians are unable to view medical images or review medication schedules.

Family members have also taken to social media to express concern for patients in the ICU or canceled chemotherapy appointments.

These care disruptions and concerns mirror patient reports and concerns at the University of Florida Health The Villages Regional Hospital and Leesburg Hospital, following a similar ransomware attack and EHR downtime response on May 31.

After more than three weeks, the provider remains under EHR downtime procedures as it attempts to recover.

The security incidents are among the ongoing wave of ransomware attacks against the health care sector. In the last month, network outages tied to ransomware have been reported by Stillwater Medical Center, Ireland Health Service Executive, and the New Zealand Waikato District Health Board.

Brett Callow, threat analyst for Emsisoft, told SC Magazine that the ongoing onslaught against health care is not at all surprising.

“Ransomware is so enormously profitable that, even if Putin were to be able to control Russia-based groups, others would likely continue where they left off,” said Callow. “Unfortunately, short of banning ransom payments, there’s no quick and easy solution to the ransomware problem.”

“Tackling the issue will be a long, hard haul during which time health care and other sectors will continue to come under attack,” he added.

In response, health care providers should make hardening defenses and ensuring network visibility a key priority, if they’ve not done so already. Those entities with limited resources should review free insights and guidance from NIST, Microsoft, and the Office for Civil Rights.

Emsisoft has also been providing free assistance to health care entities impacted by ransomware, amid the COVID-19 national emergency.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.