author photo
By Bruce Sussman
Thu | Jul 12, 2018 | 1:08 PM PDT

It was Monday morning, around 11 a.m., when the team at Cass Regional Medical Center near Kansas City knew they had a problem.

Hackers had somehow gotten through the hospital's cyber defenses—no official word on how—and ransomware was spreading.

The hospital had an Incident Response Plan ready to go, and they jumped on it.

"Hospital leadership initiated the organization's incident response protocol within 30 minutes of the first signs of attack. Patient care managers met to develop detailed plans to ensure that patient care continued to be provided in a safe and effective manner, while information technology and senior leaders are working with law enforcement and cybersecurity experts to develop a quick resolution to the situation."

The hospital then made the decision to divert ambulances carrying trauma patients and stroke victims, until the electronic health record (EHR) system come back online and accessible from internal systems. As of Thursday, July 12, 2018, that diversion of patients continues.

The hospital says "third-party cyber forensic experts" are completing their investigation in order to determine if any protected health information (PHI) was compromised by the ransomware attack.

Decryption work continues and the hospital says the virus that started it all has been eradicated from its system.

SecureWorld keynote speaker Rebecca Herold told Data Breach Today this raises two key points around data security in the healthcare industry.

"This is a perfect example of how cybersecurity breaches and incidents can have a very real physical safety and patient health negative impact," Herold said. She is president of SIMBUS360, a privacy and cloud security services firm, and CEO of The Privacy Professor consultancy.

"I've found this is a point that most doctors, nurses, and other types of caregivers can relate most closely to, and have also seen this realization result in them—finally—supporting more and stronger cybersecurity controls within their facilities and systems."

This will certainly be a hot topic during the ransomware panel discussion at SecureWorld St. Louis on September 18-19 at America's Convention Center.

Join the collaboration and register today. Because the Cass Medical Center ransomware attack hits close to home.