CYBER CORNER


What It’s Like to Respond to a Ransomware Attack


During SIIM webinar, imaging informatics executive Sylvia Devlin recalls efforts to respond to an attack that severely impacted radiology and imaging workflow

By David Raths


Last fall, several U.S. hospitals were hit with ransomware attacks that crippled their IT systems for weeks. During a Jan. 28 webinar on cybersecurity in enterprise imaging, one executive described what it was like to try to respond when her health system was attacked several years ago.


Sylvia Devlin, IT manager for Radiology Clinical Operations and the eRadiology Center at Johns Hopkins Medicine in Baltimore, made clear at the outset that her experience with ransomware did not occur at Johns Hopkins but at a previous multi-hospital system where she used to work. She was speaking during a presentation put on by the Society for Imaging Informatics in Medicine (SIIM).


Several years ago, she said, a PACS administrator at one hospital called her at the corporate office early one morning and said the PACS was down. That happened sometimes and it usually ended up being innocuous. They contacted the vendor that supported the system. “I was oblivious to what was happening, until my boss stopped by and mentioned ransomware,” Devlin recalled. It turned out the entire enterprise had been compromised. “No one could log into anything. The blood drained from my head. I had a sense of disbelief,” she said. The health system shut down the EHR and e-mail to prevent spread. “At the corporate level, some of us went around unplugging computers and leaving notes for people on their desks telling them not to log in. There was not much else we could do at that point except wait for information from security team.”


The executive team had to use personal email accounts, texting and cell phones to communicate. They had no access to downtime procedures. “This was at a time when there was a big push to go paperless,” she said. “We had no access to the PACS contacts and contracts to see our support levels.” Most importantly, clinical workflow was disrupted at the hospitals. Without access to records, departments were not able to reach patients or view schedules for the day. Hospitals remained operational but very challenged. Seasoned nurses reverted to paper, and showed younger nurses how to revert to paper processes.


The attack severely impacted radiology and imaging workflow because they were so dependent on the PACS. To view patient imaging studies, they had to go to the imaging department and view them on the modalities. Some radiologists resurrected old micro cassette recorders. Devlin did find a hard copy of downtime procedures, but they turned out to be four years old at that point and many things had changed. She said the lesson learned is that it is critical to review downtime procedures and have hard copies available on-site and off-site.


Another challenge was dealing with vendors. When they heard about the ransomware attack, the PACS and applications vendors cut virtual ties with the health system. “Everyone in healthcare IT was pulling all-nighters to restore systems,” she said.


Most systems were operational by the end of the week. When enterprise IT security gave the all clear to fire up servers and workstations, all PACS systems appeared to be functioning except one at a community hospital. Devlin went to help the local PACS administrator. The PACS was supported by the vendor by design, so they did not have much access to the back end. But during the ransomware event, she was depended on to get into the back end and relay over the phone to the vendor what she saw.


Another challenge was that when they checked the PACS workstations used by radiologists, all 27 were infected. Because there was as yet no PACS to send images to, they had to determine if there was enough space on the modalities. Could they purge older images that they were confident made it to disaster recovery to free up space? “We had to contact vendors for ideas on how to retain those imaging studies,” she said.


Yet another challenge was that radiology was not the only imaging department that suffered. Cardiology and fetal assessment depended on radiology, and there were only two people in imaging informatics on site. It was difficult to find time to help other departments. The two-person PACS admin team was pulled in many directions to get departments back up.


Devlin said they had to try to find humor in whatever they could. “If we didn’t try to stay positive, we could have easily been overwhelmed,” she said. “There were moments where we were feeling completely overwhelmed by a fire hose of issues. There was lots of chocolate consumption to keep us going,” she said with a laugh. “It helped that the radiology director and radiologists were very supportive.”


In telling about this frightening experience, Devlin said she hoped attendees were able to hear things that might help them in their organizations.


During a panel discussion following Devlin’s talk, consultant Lou Lannum noted that many organizations do not have a map of their IT ecosystem. “Many have not taken the time to document everything that touches the network and the EMR,” he said. “But if you don’t, you don’t know where points of failure are and where you are at risk. It is not an easy task, but asset management is essential.”


36 hcinnovationgroup.com | MARCH/APRIL 2021

