Ohio clinic goes offline for over 2 weeks after cyberattack

Featured image

Share this article

Cleveland Clinic Goes Offline for 2 Weeks After Cyberattack - Paubox

Ashtabula County Medical Center—a Cleveland-based healthcare provider celebrating its 115th anniversary this year—has become the most recent victim of an apparent cyberattack.

What happened?

The company noticed technical disruptions and took its computer systems offline on September 21st. 

Nearly three weeks later, and the computer systems remain offline.

“We are working with independent information technology security experts to conduct a thorough investigation and to safely bring our systems back online,” President and CEO Michael J. Habowski said.

The outage affected the company’s five family health centers. Healthcare workers cannot access computers and obtain lab work results, prescriptions, or a patient’s history.

The technical problems seem to be the result of a ransomware attack.

“This certainly has all the hallmarks of a ransomware attack and, if so, Ashtabula County Medical Center would be the 53rd U.S. health care provider or health care system to be impacted by ransomware so far this year,” said Brett Callow, an analyst at the cybersecurity firm Emsisoft.

Ransomware is a type of malicious software that encrypts files and shuts down computer systems. Hackers are often either looking to steal protected health information (PHI) or to demand payment from the victim to restore the systems.

What information was exposed?

So far, ACMC has preserved its healthcare data. It appears that the cyberattack only affected its ability to operate computer systems. 

Reports are saying ACMC is using pen and paper to record patient information. Not being able to access patient details on their computer systems is undoubtedly stressful for healthcare workers, especially since the disruption has already lasted for weeks.

Despite the technical disruptions, ACMC has never stopped providing patient care. However, it did cancel some appointments and elective procedures.

“Our first priority is always the safety of our patients and caregivers,” Habowski explained. “The disruption did not impact our ability to safely care for our patients.”

Unfortunately, this is not always the case in cyberattack incidents. In fact, just last month a patient in Germany died when she was turned away from a hospital which was shut down due to a ransomware attack.

What happens next?

ACMC will need to find the source of the ransomware and restore its computer systems. This task is often laborious and can take a significant amount of time to accomplish.

Once ACMC restores its systems, the healthcare provider will want to implement extra security measures to prevent this scenario from happening again.

SEE ALSO: New International Report Outlines Cybersecurity Best Practices

How can an attack like this be avoided?

ACMC has not said how the ransomware occurred, but one of the most common threat vectors is email.

Email is vulnerable because human error can cause a security breach when someone clicks on a malicious email. Employee training on security risks and potential scams can help prevent successful hacks.

SEE ALSO: Why Investing in Ongoing Cybersecurity Training is Good Business

You can also increase email security to avoid cyberattacks and HIPAA violations.

Paubox Email Suite Plus allows you to send HIPAA compliant email by default to your patients. It also includes robust inbound security that protects your inboxes not only from ransomware, but also from spam, viruses, and email phishing.

Don’t become the next victim of a ransomware attack. Security precautions are essential to protecting your computer systems and data.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Sara Nguyen

Read more by Sara Nguyen

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022