US Hospital Uses Emergency Management System in Ransomware Attack
With the WannaCry ransomware attack making headlines worldwide (and taking a significant portion of the UK Health System offline), many healthcare delivery organizations are taking a closer look at cybersecurity[i] and the role it plays in continuity of operations planning (COOP).
Ransomware is one of the hazards hospitals should consider when developing emergency preparedness and response plans — including hazard vulnerability assessments (HVAs) and communication plans — to meet the compliance requirements of the CMS emergency preparedness rule and other emergency management requirements.
Across the world, hospitals and healthcare systems are being hit by ransomware and other cyberattacks[ii]. When a hospital’s computer systems and networks become unavailable due to a ransomware attack, the LiveProcess emergency management system, a cloud-based software as a service (SaaS), stays available as a hospital communication system to help the hospital achieve situational awareness and to mobilize and coordinate an emergency response.
When this U.S. hospital was hit by a ransomware attack, they were prepared with the LiveProcess emergency management system already in place. LiveProcess remained fully functional and accessible, even when other systems failed.
With the LiveProcess emergency management system, personnel inside and outside the hospital are connected and ready to respond under even the most chaotic conditions, including a ransomware attack.
Throughout the ransomware attack, the hospital was able to share information, notify executive leadership, and keep staff up to date.
Situational awareness achieved
The hospital’s LiveProcess administrator immediately initiated an event log, creating a virtual hospital command center, and requested updates from every department, including operationally critical groups such as the ICU, inpatient floors, outpatient services, imaging, pharmacy, laboratory and payroll.
From its virtual command center, the hospital emergency management team mapped the outages, tracked issues and determined which departments needed to implement downtime procedures and default to paper-based backup.
Hospital’s emergency response coordinated
With the event log as the playbook, the emergency management team monitored recovery efforts in real time and allocated resources to assist with getting systems back online. Hospital leadership was kept closely informed throughout the outage, and the minutes of executive-level meetings were tracked in the event log.
The staff was updated regularly using the multi-way communication capability of the LiveProcess system, with IT providing up-to-the-minute guidance on how to bring affected devices and systems back onto the network, thereby reducing calls to the help desk.
Continuity of care maintained
The use of LiveProcess emergency management system enabled the hospital to avoid going on diversion or canceling scheduled surgeries during the ransomware attack. Although ransomware and other kinds of malware can paralyze a healthcare system, this hospital maintained continuity of care by coordinating its response with LiveProcess’s two-way multi-modal communications, and by leveraging its information aggregation capability to the hospital’s benefit.
- Case study: Communication During a Ransomware Attack: Cyberattackers are targeting healthcare organizations.
- More blog posts about hospital emergency preparedness
- How LiveProcess helps hospitals, health systems, and healthcare coalitions prepare for emergencies.
- How LiveProcess can help your healthcare organization across all phases of emergency management, including planning, mobilization, coordination & collaboration, and tracking.
- Experience how these hospitals managed emergency communications during Hurricane Harvey in Texas in 2017.
- Continuity of Operations Planning (COOP) for Healthcare Organizations
ii “The Biggest Healthcare Breaches of 2017 (so Far).” Healthcare IT News. N.p., 15 May 2017. Web. 17 May 2017.