Restoration Completed Days Ahead of Schedule But Still a Lot of Catch-Up Work to Do
The nonprofit behind 13 Michigan hospitals and a network of cancer centers said it restored IT systems a few days earlier than anticipated following an Aug. 6 ransomware attack that forced it to turn away emergency care patients.
McLaren Health Care earlier this month predicted a full IT recovery wouldn’t occur before September (see: McLaren Health Expects IT Disruption to Last Through August).
“With this return to normal operations, all temporary procedures enacted during the disruption have been lifted. Providers at all McLaren Health Care hospitals, Karmanos cancer centers, and outpatient clinics again have access to patients’ electronic medical records,” McLaren Health said in a statement Tuesday.
McLaren Health said all its emergency departments are now open, accepting patients and receiving all medical conditions arriving by ambulance.
Patients can now also schedule appointments at McLaren’s outpatient diagnostic facilities as well as primary and specialty care offices. In addition, all McLaren cancer centers and stroke care facilities are fully operational. Surgeries postponed during the ransomware-induced outage are being rescheduled.
Clinical staff confirmed to Information Security Media Group that McLaren’s IT systems, including EHRs, are operational. “I worked 12 hours yesterday – it is back online,” a critical care registered nurse at one McLaren Health hospital told ISMG on Tuesday.
The Grand Blanc, Michigan-based nonprofit still faces the task of inputting patient health data charted manually during the three-week disruption. That process began over the weekend and is expected to last several weeks.
McLaren Health said it is still analyzing whether patient or employee information was breached in the attack. The attack prompted state officials, including Michigan Attorney General Dana Nessel, to issue warnings this month for patients about the potential for identity theft and fraud crimes stemming from the incident (see: Officials Warn of Risks as McLaren Recovers From Attack).
The Inc Ransom cybercriminal group quickly claimed responsibility for the attack, which McLaren detected on Aug. 6.
Whether McLaren paid a ransom to attackers in the latest incident to help speed up its recovery “would be pure speculation on anyone’s part,” said David Finn, executive vice president at security consultancy First Health Advisory. “Unless they tell us, there is not enough information to speculate with any basis in fact,” he said.
McLaren’s three-week IT recovery from the cyber incident is faster than is often seen in ransomware attacks on similar entities, said Finn, who is a former healthcare CIO. “I would say this was a pretty quick recovery for a system the size of McLaren.”
The incident is the second ransomware attack on McLaren within a year (see: McLaren Health Hit With Ransomware for Second Time in a Year).
Last fall, Russian-speaking ransomware gang BlackCat/Alphv claimed to have stolen 6 terabytes of McLaren Health data, compromising sensitive information of more than 2 million patients. McLaren Health has not publicly disclosed whether it paid a ransom to BlackCat (see: Group Claims It Stole 2.5 Million Patients’ Data in Attack).