I noticed this chilling first hand account from Ireland the other day.
A week from hell as health service grapples with cyberattack
The HSE has had its hardest year dealing with Covid. Now it has had its hardest week
Paul Cullen Health Editor
“The hardest six days of my working life,” was how paediatric radiologist Dr Gabrielle Colleran described her state of exhaustion after a week of shutdowns and work-arounds in the Dublin hospitals where she works.
“A major disaster,” said Dr Vida Hamilton, who as the HSE’s national clinical adviser for acute operations played a central role in trying to prevent the system coming to a complete collapse. “We know nothing about the individual. We have no charts, no record number.”
This experience of “flying blind” was widespread across the system; from oncologists deprived of scan information about their patients in the operating theatre to psychiatrists in clinics making decisions about vulnerable people without access to their records.
Just as with Covid-19, the cyberattack hit hard and wide, but the damage wrought was not uniform. HSE-run hospitals were hit worst; voluntary hospitals less so. Most GPs could just about manage, but everyone’s problems are mounting the longer the enforced computer shutdown lasts.
A week after the attack occurred, inpatient procedures and chemotherapy services were down 50 per cent on normal levels while inpatient and endoscopes were down 70-80 per cent.
Sharing scans
Radiology was one of the worst-affected areas, due to its dependence on centralised IT for sharing scans. But with emails down across the health service, the disruption spread from hospitals to the community, as GPs were no longer able to make referrals or order tests.
In hindsight, the HSE deserves credit for the rapid shutdown of the system once the attackers hit. In the days that followed, the initial sense of shock mutated into a grim determination to restore services despite the absence of computer infrastructure.
The HSE explicitly rejected any suggestion outdated software could have played a role in the breach of its IT security
It was a “back to the 70s” week for the health service, thanks to a new-found reliance on pen and paper, and redeployed staff serving as “runners” to deliver scans and paper files.
“Shoulders to the wheel, solutions-focused, trying to minimise the patient impact,” as Colleran described it.
Caution was the watchword as the predominant fear on the minds of staff was the risk of patient harm caused by the loss of precise information about patient histories or historical scans. The price for caution was long delays in the services that were operating.
As the week progressed, some services returned while backlogs in others mounted.
Prevented
Questions started to be asked about how this disaster could have happened, and whether it could have been prevented. The HSE explicitly rejected any suggestion outdated software could have played a role in the breach of its IT security. Despite the abundant use of ancient versions of Microsoft Word across the health service, officials said this was not a factor in what happened.
“IT services in the HSE are grossly understaffed and inadequate for the maintenance of complex national electronic records like Nimis [the electronic storage system for scans],” one doctor told The Irish Times. A proposal for parallel servers for the system was turned down due to lack of funding, he claimed.
The long-standing technology challenges faced by the health service were never more apparent than during the pandemic, when the lack of a proper e-health system made it hard to keep track of Covid-19. Recent cyberattacks on US health agencies do not seem to have caused any alarm bells to go off in Ireland or, if they did, not enough to make a difference.
The HSE is still struggling to find the cause of the security breach, not surprising perhaps in a service with 150,000 access points, 2,000 different systems and 4,500 servers. As the hackers lead a merry dance and exhausted staff continue to mop up, attention will turn to Monday, when the widespread release of patient data has been threatened. Just as with the virus, things may get worse before they get better.
Here is the link:
The second front line account comes from NZ.
Waikato doctors go old school while teams face 'demanding' task of recovering IT systems following cyber attack
May 19 2021
A doctor at Waikato Hospital says staff are going back to processes used 20 years ago to make it through a cyberattack that’s crippled its IT systems.
And an IT expert says cybersecurity teams face a hugely “demanding” process to recover the DHB’s infected software.
The doctor, who Stuff has agreed not to name, said hospital staff were using whiteboards as a way to record patients’ names.
Without electronic systems, it was “very challenging” to keep track of patients in a busy emergency department with 80 to 90 patients.
The DHB was the victim of a major cyberattack on Tuesday morning, which crashed its electronic systems, delayed some elective surgeries and made patient's notes inaccessible.
Medical staff were recording all notes manually and had to be vigilant there were no mistakes.
“We are going back to processes a little bit like we used 20 years before computers were used in these sorts of settings,” the doctor said.
Hospital staff were used to electronic processes where they can access a patient's history through the National Health Index (NHI).
A Waikato Hospital emergency doctor said staff are recording patient names on whiteboards as a way to make it through the disruption.
“We’ve got to make sure communications are really tight between departments and making sure when you are handwriting details on a lab form you are not making mistakes.”
Hospital receptionists had a particularly difficult task in making sure all patients were identified correctly.
“We still have some of the older, hard copy material from patients.”
The hospital dealt with a number of emergencies on Tuesday night, including trauma injuries from car crashes.
“The cath lab is working, the CT scanner is working, the operating theatres are working.
Auckland University of Technology professor of computer science Dave Parry said teams restoring the Waikato DHB needed to be careful malware hadn't been backed-up on the system, leaving the hospitals vulnerable to another attack.
“We are rolling our sleeves up, and making it work, and we’re hopeful it will be fixed.”
But AUT Computer Science professor Dave Parry said recovering systems after such an attack, took a significant amount of time.
The experts tasked with recovering the hospitals’ systems faced a "demanding process”.
Earlier, Waikato DHB chief executive Kevin Snee told RNZ the attack had most likely been installed through a malicious email attachment.
“The email will have installed software the attackers are using and that software will be doing the attack, either encrypting the files or deleting files or trying to make a connection.”
The experts had to shut down all systems so the malware wasn't running, delete the malware, then restore any of the DHBs back-up files.
There could be days of disruption while IT teams face a daunting and extensive task of recovering all electronic systems after a crippling cyberattack.
More here:
And even more badness here from the US rendered in shambles for 3 weeks:
Scripps Health slowly coming back online, 3 weeks after attack
While the organization's website is now accessible, along with some "read-only" medical records, its patient portal is still down.
By Kat Jercich
May 21, 2021 11:18 AM
Three weeks after a cyberattack led to a network outage at Scripps Health, employees say some systems are coming back online.According to reporting from ABC News, several Scripps Health workers said they'd regained access to "read-only" medical records from before May and payroll systems, along with some computers, emails and X-rays.
Its Epic-powered patient portal, MyScripps, was still down as of Thursday.
"While some features on our website are still being worked on and are not quite ready for use yet, most of scripps.org is back up and running," said the health system in an update on the Facebook page.
Attempts to reach the organization by phone and email for comment were not successful.
WHY IT MATTERS
After detecting a security incident on May 1, Scripps suspended user access to its IT applications.
The San Diego-based health system continues to keep mum about the specifics of the attack.
In a statement posted to the website, Scripps said, "In response to the cyber security incident on May 1, our team immediately took steps to contain the malware by taking a significant portion of our network offline."
"We also immediately engaged outside consultants and experts to assist us in our investigation and other experts to help us restore our systems and get back online as soon as possible," the organization added.
The breadth of potentially exposed personal information remains unclear, Scripps said.
"The investigation into the scope of the incident, including whether data was potentially affected, remains ongoing," the statement said.
"Depending on the investigation’s findings, we will be sure to provide notifications to affected individuals in accordance with all applicable laws," it continued.
The statement reiterated that in-person care was still available, and that patients could and should confirm appointments via phone. It noted that the Scripps team had backup workflows and paper processes in place, and that care providers currently had "view-access" to patient history and records. Virtual visits were also still available.
"Physician and staff leadership at each site are reviewing scheduled surgeries, infusions, imaging, lab and all other patient care services regularly. If certain services and appointments need to be rescheduled, we are reaching out to patients directly when possible," read the statement.
It advised that requests for medical records should be completed by mail.
More here:
https://www.healthcareitnews.com/news/scripps-health-slowly-coming-back-online-3-weeks-after-attack
If ever there was a case for prevention rather than cure this has to be it! I am sure there are technical steps that can be taken o minimize impact – network segmentation and very frequent backups etc. but there is no doubt the major protection is repeated user education and awareness amplification.
This sort of stuff is killing people I am sure and a lot more needs to be done to track down these offenders and make them really pay in terms of jail time and fines! They are evil criminals and need to be treated as such!
David.
No comments:
Post a Comment