Ransomware attack calls unlikely hero to action: Your neighborhood HIE

Erie County Medical Center saga shows why working with your local health information exchange on disaster recovery and business continuity plans can keep you operational, even when your data is encrypted by hackers.
By Bill Siwicki
03:41 PM

On Sunday morning, April 9, at about 11 a.m., Daniel Porreca received the kind of text message no one wants: Erie County Medical Center’s IT department detected file-encrypting ransomware and shut down the hospital’s Meditech EHR, e-mail and website and, of course, this caused problems for physicians and nurses in getting information critical to patient care. 

The text came from an on-duty physician at the emergency department,  Anthony Billittier, MD, who told both Porreca, executive director of the New York health information exchange HEALTHeLINK, and Steve Allen, HEALTHeLINK’s operations director and privacy officer, that the medical center needed help resetting passwords to enable access to the HEALTHeLINK HIE.

[Also: Erie County Medical Center systems still down 12 days after massive cyberattack]

Some of Erie County Medical Center’s data, in fact, was being held hostage.

How the HIE actually helped

Within 30 minutes of that fated text being sent, Steve Gates, who leads HEALTHeLINK’s provider services function, was on-call to assist. Then by 1 p.m. he was on site in the emergency department, along with Billittier, arming clinicians and other staffers with access to patient data via emergency laptops deployed in conjunction with mobile hotspots. 

That on-the-go IT setup worked. So the next day HEALTHeLINK had seven people on site working in the emergency department and other areas of the hospital, a presence they sustained for the next couple weeks. 

The reason Erie County Medical Center could continue operations even while it’s data was locked down by nefarious cybercriminals: The hard work was already done. 

Eric County had been participating in HEALTHeLink for more than 10 years, Porreca explained. The medical center has been providing data such as labs, radiology, ADTs and transcribed reports since 2008 and last year began submitting CCDs on patient discharge. 

Erie County Medical Center had embedded one-click access, with patient context, within its hospital EHR and their emergency department was the most active user of the HEALTHeLINK patient record look-up function.

Why it wasn’t that hard to stay operational

When it came right down to it, HEALTHeLINK did not have to do all that much to get Erie County Medical Center back online, particularly when considering that this was a ransomware attack.  

The hospital had a separate team working on re-building its systems and getting them back online and it did have to retrain users about log-in procedures outside the one-click access to its EHR. Other than that, however, it was really a matter of continuing to provide support for clinicians and staff to access their patients’ data. 

Porreca’s advice to other medical center executives that have perhaps not yet survived a ransomware attack? 

“Work your HIE into your business continuity plans,” Porreca said. ”Think through how you might provide computers and Internet access to your staff in the event of such a crisis. Get as much of your data to the HIE – it will not only support better treatment for your patients throughout your community, but you just might need access to your own data in a time of crisis.”

The same work the Erie County Medical Center had been doing with its HIE, in turn, enabled it to quickly get back up and running with its data. 

And the message everyone wanted: No ransom was paid.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.