Email, internet, the majority of phone lines and several other electronic systems at Geneva, N.Y.-based Finger Lakes Health have been restored after a ransomware attack shut them down March 18, a FLH spokesperson told Becker's Hospital Review.
FLH lost access to its computer system around midnight March 18 when a third party encrypted the health system's files and demanded a payment to unlock them. FLH reverted to its downtime procedures, including paper charting, while its informations services team worked around the clock to bring systems back online. The health system eventually decided to pay the attacker's ransom demand.
As of March 23, security experts confirmed to FLH there was no patient, resident or employee data compromised, and no protected health information was acquired by the unauthorized third party.
FLH attributes the recovery to its prompt response upon discovering incident.
"Our immediate action to reduce connectivity and bring our own systems offline to protect them and patient, resident [and] employee care and information was effective and served an important purpose … Our experts have shared that this was a sophisticated attack that was only directed at extortion of money and not to access information," a FLH statement provided to Becker's Hospital Review reads.
Via its insurance carrier, the health system opted to pay the ransom to accelerate its recovery process. FLH has not released how much money the hackers demanded.
"We made this decision in the interest of patient and resident care to minimize patient inconvenience and to move past this incident as quickly as possible," the statement reads.
More articles on cybersecurity:
Cybersecurity team will 'lie, cheat and steal' to safeguard BCBS data
Europe's new privacy law goes into effect in May. Here's how it affects US healthcare
Google exploring a blockchain solution for its cloud