Cyberattack on Kentucky’s Hardin Memorial Health led to EHR Downtime

A cyberattack on Kentucky's Hardin Memorial Health (HMH) led to disruption of its IT systems as well as EHR downtime.

The cyberattack on HMH started on April 5, 2019, evening. As per the statement of a HMH spokesperson, it has been confirmed that the IT systems was disrupted due to a security breach. The cyberattack details are yet to be released, therefore it is still not clear whether this incident was a hacking, ransomware or malware attack.

HMH has worked round the clock in order to restore the affected systems as well as servers. IT team of HMH has already brought almost all IT systems back online, as well as has restored the access to their EHR system in a few units.

Despite of EHR system downtime, the business operation continued normally and none of the hospital appointments were cancelled. All 50 locations of HMH remained open. Tracee Troutt, the Vice President as well as the Chief Marketing and Development Officer of HMH, said that "at no time during this event has the quality and safety of patient care been affected".

Upon discovery of this security breach, the emergency processes were implemented. Also, an IT assessment in order to determine the extent and nature of this incident was conducted. That assessment is still ongoing, although most issues associated with this attack were resolved in 24 hours.

Troutt said that "a combined team of some 40 internal IT and patient care specialists, complemented by external experts, importantly including our Baptist Health partners, worked over the weekend to resolve issues quickly and is working on the assessment".

It appeared that HMH was ready and well prepared for the system downtime. IT team of HMH tests the emergency procedures on a regular basis in order to ensure its quick implementation, so that they are effective in preventing disruption to the patient services. Moreover, the IT team of HMH already implemented extra protocols so as to enhance the system security.

This incident proves that though it might not be possible to stop all the cyberattacks, but having tried and tested emergency response plans and backup - it is possible to quickly recover from cyberattack and thus prevent disruption to the patient services.

» SPAMfighter News - 4/24/2019