Fraud Management & Cybercrime , Healthcare , Incident & Breach Response

Ontario Hospital Among Latest Healthcare Cyberattack Victims

Also: 2 US Hospitals Still Recovering From Incidents Last Week
Ontario Hospital Among Latest Healthcare Cyberattack Victims
Ross Memorial Hospital in Ontario is recovering from a recent cybersecurity incident affecting patient services. (Image: Ross Memorial)

An Ontario hospital says it is operating under significantly diminished conditions as it deals with a cybersecurity incident that began over the weekend.

See Also: Gartner Guide for Digital Forensics and Incident Response

Ross Memorial Hospital, a 183-bed Canadian community hospital in Lindsay, says in a statement posted on its website Tuesday that it has declared a "Code Grey" late Sunday night.

Code Grey is activated when a hospital experiences loss of utilities, such as power or water, and loss of critical IT systems.

Ross Memorial says its technology team is working with third-party cybersecurity experts to investigate the incident.

"In the meantime, as high-quality patient care is our priority, we are managing our established protocols to maintain continued delivery of our critical hospital services," the hospital says. "Our systems restoration plan is also ongoing, and we are communicating with our local, regional, and provincial partners regarding next steps."

The hospital is advising patients with "less urgent" conditions to consider seeking alternate options for care, such as their primary healthcare provider, pharmacist, after-hours clinic or virtual care while the facility deals with the situation.

Long Road to Recovery

Recent cyber incidents of similar magnitude felt by other hospital systems suggest it may be a while before operations at Ross Memorial can return to normal.

A Florida hospital system that experienced an incident on Thursday causing it to divert emergency patients and yank systems offline remains under "downtime procedures" and is still routing some patients to other facilities.

That entity, Tallahassee Memorial HealthCare, has resorted to using paper for work that is typically handled with electronic processes, such as registration, admission and patient care documentation, including prescriptions.

A Maryland hospital that last week confirmed it had been the victim of a recent ransomware attack is still unable to provide certain patient services as it recovers from the incident. As of Wednesday, Atlantic General's outpatient medical imaging and walk-in laboratory services remained "temporarily closed until further notice" as the entity deals with the incident (see: Cyberattack Wave on Healthcare Reaches Florida and Maryland).

Thomas Cope, chief security officer at security firm Next DLP, says these recent incidents underscore the importance of all hospitals preparing for similar potential IT outages.

"First and foremost would be to review and test backup and restore procedures so if a hospital does get hit they can recover to a clean system," he says.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.