A cyber attack on Humber River Hospital triggered a Code Gray – or loss of essential services – that left staff ineligible to access electronic health records and diagnostic test results, resulting in long waits in the busy emergency room.
The hospital’s IT system was hit by a ransomware attack around 2 a.m. on Monday. In a statement posted online Tuesday afternoon, the hospital said “no confidential information was released” and the attack was “discovered almost immediately”. All IT systems were switched off, including that for the patient files.
“Ransomware usually encrypts files and then demands a ransom once most are encrypted. As we shut down quickly, encryption is not a problem, although we are dealing with some damaged files, ”the statement said.
Hospital staff told the star that shutting down the network had adversely affected patient care by causing long waiting times in the emergency room. It has also caused long waits for diagnostic tests, including those for suspected heart attacks, sources said.
The hospital has canceled a large number of clinics and has staff at the main doors to reroute patients. So far, operations have not been affected and the emergency room remains open, although some ambulances are being rerouted to other hospitals, the statement said.
Melissa Granados, a patient diagnosed with a uterine fibroid (tumor), said she arrived at the hospital’s main emergency room at 3:15 p.m. on Monday with profuse bleeding.
After two and a half hours of waiting, a hospital manager informed the patients about the system failure, Granados said. She couldn’t see a doctor until six to seven hours after her first seeking help and didn’t leave the hospital until 1:00 a.m. on Tuesday. Granados said she was frustrated when a nurse told her the failure started in the morning, but patients were not notified sooner.
“If they had looked after their patients enough, they would have told us when they entered, ‘Our systems are down, we suggest you go to another emergency room because our waiting times are very long,'” Granados said.
Although she has had heavy periods and spotting for the past month and a half, the bleeding she had on Monday was extreme. Her family doctor works at St. Michael’s Hospital, but she decided to seek help at the Humber River Hospital emergency room instead, as it is closer to home near Jane and Wilson.
“I looked black and was going to pass out,” Granados said. “I told them I was bleeding out.”
Granados said she asked hospital staff to move her to another hospital but was told to wait until a doctor could see her. She was unable to have an operation to remove the tumor because of the pandemic, she said.
According to Humber River Hospital, its IT department is working with an outside recovery company to get its systems back up and running. More than 5,000 computers (including 800 servers) are restarted manually. The hospital said in its statement on Tuesday afternoon that the systems will be brought back online in stages over the next 48 hours.
Ontario Health said they were informed Monday morning that the Humber River Hospital’s systems were down. They said the situation at the hospital is being closely monitored and the Ontario Health security team has been assisting the hospital as needed.
Christopher Parsons, a senior research fellow at the University of Toronto’s Citizen Lab at the Munk School of Global Affairs & Public Policy, said the Humber River Hospital appeared to be in place and had a quick and accurate response to the ransomware attack .
“If you take their testimony at face value, what they have done is impressive,” he said, noting that it is generally unusual for large and medium-sized companies to regularly update their systems to detect attacks quickly. In its statement, the hospital said the “last patch” took place on June 13th.
Quickly shutting down and disconnecting the existing system – which the hospital stated in its statement – is also key to preventing the attack from spreading, Parsons said.
“Once it enters a network or system, ransomware spreads across the network with the ultimate goal of locking down as many systems as possible by encrypting data so they can demand a higher ransom,” he said.
In the case of a healthcare facility, shutting down the entire system to stop the attack also means bringing down critical network services such as electronic health records and diagnostic imaging.
Parsons said hospitals and health systems around the world are under attack, pointing to a number of such ransomware attacks in recent times, including one that crippled Ireland’s public health system in May. In many cases, the affected hospitals have been forced to cancel non-urgent procedures and staff have had to use pen and paper to keep track of patient records.
In 2019, several hospitals in Ontario were affected by the ransomware virus, including Michael Garron Hospital in Toronto. That same year, LifeLabs, the country’s largest medical diagnostic testing company, announced it had paid a ransom to secure data – including the personal information of millions of customers – following a cyber attack.
In addition to strict security precautions for the network, Parsons recommends that hospitals and healthcare facilities have strict backup plans in place so that they can ensure safe and adequate patient care after a cyber attack. He hopes the Humber River Hospital will provide more details about its most recent cyberattack – and how it has recovered – so that other hospitals and organizations can learn from his experience.
Parsons said ransomware attacks are epidemic on an international level and attackers are often linked to criminal organizations.
“In my view, ransomware is the equivalent of a new and contagious disease,” he said. “It’s only going to get worse.”