At approximately 11 a.m. this morning, Cass Regional Medical Center became aware of a ransomware attack on its information technology infrastructure. Affected areas include internal communication systems and access to the organization’s electronic health record (EHR). At this time, there is no evidence that patient data has been breached, but as an extra precaution, Meditech, the hospital’s EHR vendor, has opted to shut down the system until the attack is resolved.
Hospital leadership initiated the organization’s incident response protocol within 30 minutes of the first signs of attack. Patient care managers met to develop detailed plans to ensure that patient care continued to be provided in a safe and effective manner, while information technology and senior leaders are working with law enforcement and cybersecurity experts to develop a quick resolution to the situation.
“Our primary focus continues to be on our patients, and meeting our mission to provide health care services to our community,” said Chris Lang, CEO. “We are deploying every resource available to us to resolve this situation quickly so we can resume normal operations.”
In the meantime, the hospital continues to evaluate its capabilities in relation to this attack. This afternoon, as an additional precautionary measure, clinical leaders at Cass Regional decided to go on ambulance diversion for trauma and stroke in order to ensure optimal care for those patients. Hospital personnel will continue to evaluate the situation and respond accordingly.