The Heritage Valley Health System is reporting a widespread cyberattack at all of its facilities Tuesday.
Suzanne Sakson, spokeswoman for Heritage Valley, issued the following statement late Tuesday morning:
“Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded.”
Also on Tuesday, Merck & Co. the global pharmaceutical firm with extensive operations in the Philadelphia area, said its computer networks had been the target of a massive hack.
“We confirm our company’s computer network was compromised today as part of global hack,” a statement from the company said. “Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more”
Several news outlets in Pennsylvania are reporting local healthcare systems in Pennsylvania, Ohio, and West Virginia are under cyber attack. Because healthcare in general is awash in money and holds data that it cannot operate without, healthcare is a perfect target for cyber criminals who want to make money with ransomware. Cyber security is paramount to healthcare, not just because of patient confidentiality but but because without said data, healthcare will not function.
While it’s too soon to tell, my guess is that cyber criminals (probably in Eastern Europe or Russia) took EternalBlue, wrapped it in a modified version of WannaCry’s propagation engine, gave it strong Bitcoin earnings abilities, and unleashed the whole conglomeration on Pennsylvania (and New Jersey, in the case of Merck and Co.) businesses.
Updating to add that the healthcare system officials have confirmed this cyber attack was part of the global event that happened earlier today.
Later in the day, health system officials confirmed the intrusion is related to the outbreak of malicious data-scrambling software that has caused mass disruptions worldwide.
The health system is made up of two hospitals, 60 doctors offices and 18 community satellite facilities.
Updating July 2, 2017 as another healthcare system in Princeton, WV also was impacted by this cyber attack, scrapping their entire computer network and are resorting to old fashioned pen and paper to record vital information.
Princeton Community Hospital in rural West Virginia will scrap and replace its entire computer network after being struck by the cyberattack paralyzing computers globally.
The cyberattack, known as Petya, froze the hospital’s electronic medical record system early Tuesday, leaving doctors unable to review patients’ medical history or transmit laboratory and pharmacy orders, said Rose Morgan, the hospital’s vice president of patient care services.
Officials were unable to restore services, and found there was no way to pay a ransom for the return of their system. So, after consulting with the Federal Bureau of Investigation and cybersecurity experts, officials made the decision to replace the system.
Now, doctors, nurses and other hospital staff are adjusting to what will be days of working off paper forms to record vital signs, order medications and scribble notes.