New York health network restores services after crippling cyberattack

Avatar

A hospital network in New York was able to restore its online systems on Saturday after a week of issues caused by a cyberattack.

Westchester Medical Center Health Network released a statement on October 16, warning that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were “experiencing a potential cybersecurity threat and an IT system outage.”

The provider was forced to divert ambulances away from all three facilities throughout the week and faced backlash from community members for not fully explaining the situation. Its phone, email and internet services were knocked offline.

As of Saturday evening, the facilities are “fully operational and have resumed admitting patients.” They did not respond to requests for comment about the specifics of the network outage.

“Local EMS operators were notified to resume transporting emergency patients to HealthAlliance Hospital and Margaretville Hospital. There is an exception for emergency stroke patients, who will still temporarily be taken to other area hospitals,” they said.

“HealthAlliance Hospital and Margaretville Hospital remained open during this diversion, and walk-in patients were treated, assessed and either released or stabilized. The end of the EMS diversion has been communicated to all EMS operators, other area medical facilities who were affected, elected officials and the New York State Department of Health.”

In order to restore its network, the hospital system shut down all connected IT systems at the three facilities on Friday evening.

They are still in the process of fully standing up their IT system but said they have “regained all necessary capabilities to resume full operations.”

Westchester Medical Center Chief Strategy Officer Josh Ratner thanked hospital staff for helping them “return to full operations sooner than expected while continuing to provide the best possible care for patients in our community.”

A week of complaints

The medical network dealt with a week of complaints from local residents after initially saying patient care was not impacted by the attack. A prominent community member complained of issues she experienced when receiving treatment at one of the hospitals, and Kingston mayoral candidate Scott Denny claimed the hospitals were turning ambulances away.

The medical center did not respond to requests for comment about the claims but later confirmed that ambulances had been diverted from October 14 until October 17.

In an update on Thursday, the hospital said it notified the FBI and New York State Department of Health as well as officials in Ulster and Delaware Counties. Their investigation into the incident is currently ongoing and is being led by a third-party security firm.

The hospital network said at the time it would be “temporarily diverting ambulances from HealthAlliance Hospital to other nearby medical facilities” and “making decisions on whether to discharge current HealthAlliance Hospital patients to their homes or facilitate transfers to other hospitals within the WMCHealth Network.”

The incident comes just weeks after another New York hospital network dealt with a ransomware attack that limited its services.

Cybercriminals have continued to target hospitals across the U.S. Two facilities in upstate New York — Carthage Area Hospital and Claxton-Hepburn Medical Center — spent weeks struggling with a ransomware attack eventually claimed by the LockBit ransomware group.

In that situation, ambulances were also diverted and appointments were canceled in light of the outages.

Sixteen hospitals run by Prospect Medical Holdings were limited by a ransomware attack in August, and three weeks ago one of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.

The issue of ransomware attacks on hospitals reached Congress last month, with House members holding a hearing on the crisis and taking testimony from several people who have faced off against hackers.

Two days ago, the only hospital in Marshall County, Kansas announced that some of its services would be unavailable due to a cyberattack.

University of Minnesota health economist Hannah Neprash conducted a recent study on ransomware attacks affecting hospitals and found that in-hospital mortality went up about 20% to 35% for patients who were admitted to a hospital when that facility goes through a ransomware attack.

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Ukraine security services involved in hack of Russia’s largest private bank

Next Post

Alleged covert wiretap on Russian messaging service blown by expired TLS certificate

Related Posts

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
Avatar
Read More