»

HACKERS PAID: Finger Lakes Health pays ‘ransom’ to bring systems back after breach

Lara Turbide called it an effort to move ‘quickly’ past the incident, which made headlines throughout the last seven days – since a data breach was discovered last Sunday.

The FBI is investigating the matter, but officials with Finger Lakes Health say that no patient data or information was lost. The hackers who gained access to the system last Sunday only wanted a payment.

Finger Lakes Health announced over the weekend that they paid up.



“We made this decision in the interest of patient and resident care to minimize patient inconvenience and to move past this incident as quickly as possible,” Turbide told the Finger Lakes Times on Sunday.

Turbide, along with Finger Lakes Health as a whole, have repeatedly declined media requests to announce how much was demanded. Now, those same officials are declining to announce how much they paid the unknown individuals behind the breach.

“Our immediate action to reduce connectivity and bring our own systems offline to protect them and patient/resident/employee care and information was effective and served an important purpose,” Turbide continued. “The response process which we had in place worked to reduce the severity of the impact. Our experts have shared that this was a sophisticated attack that was only directed at extortion of money and not to access information.”


Update #4 – Friday PM

Finger Lakes Health thanked the community, patients, residents and families in the region for their patience and understanding as they work to bring systems back online throughout Friday.

Jose Acevedo, President and CEO shares “Our employees and medical staff are the heart of Finger Lakes Health. We are very grateful to and proud of our incredible employee and medical staff efforts to serve our patients, residents and community.”

Below is a prepared statement released by Finger Lakes Health:

“Finger Lakes Health’s Information Services team has been working around the clock and is bringing systems back on-line in a step-wise approach. E-mail, internet, the majority of phone line access and several other electronic systems have been restored. We are continuing to use our downtime paper procedures, which we have in place and utilize for situations including weather emergencies, power outages or other situations in which we have limited electronic access. This underscores the reason that we regularly conduct “downtime” procedure drills which proved useful in our response preparedness.

We have final confirmation from our security experts that there was NO patient, resident, or employee data compromised. We have confirmation there was NO unauthorized acquisition of protected health information or personally identifiable information.

The recovery is due significantly to our prompt response upon initial notification of the incident. Our immediate action to reduce connectivity and bring our own systems off-line to protect them and patient/resident/employee care and information was effective and served an important purpose. The response process which we had in place worked to reduce the severity of the impact. Our experts have shared that this was a sophisticated attack that was only directed at extortion of money and not to access information.

We have kept the FBI apprised of our work and also related to the steps we have been taking including a decision to leverage our insurance carrier to make a payment which has accelerated our recovery. We made this decision in the interest of patient and resident care to minimize patient inconvenience and to move past this incident as quickly as possible.”


Update #3 – Friday AM

Finger Lakes Health is back online … for the most part.

Paper procedures are still be followed, but most electronic systems have been restored as of late-Thursday. They shut those systems down on Sunday after learning about a cyberattack, which was later identified as a ransomware attack.

Lara Turbide said that Internet, phone and email were up-and-running again — though most providers were still being asked to work with paper notations and documentation for medical records and other patient needs.

Turbide said that Finger Lakes Health teams are working around-the-clock to bring things back up to speed.

The F.B.I. is probing the attack, due to the fact that specific electronic systems were encrypted by an outside entity — who then demanded money in exchange for decrypting those systems.

Turbide said there is no indication that any data was extracted through the attack. “Slowly and methodically, we are taking systems back up. We brought our own systems offline and shut down the internet and are now reconnecting, testing and checking things out.”

The health network includes two hospitals, Geneva General in Geneva and Soldiers & Sailors Memorial in Penn Yan. In addition, the network includes four nursing homes, eight primary care physician practices, an ambulatory surgery center, two Urgent Care sites and six specialty-care practices, among others.

Patients and members of the community voiced concerns over the cyberattack. It remains unclear when things will be 100 percent operational again for those services at Finger Lakes Health.

Anyone still having difficulty contacting Finger Lakes Health can call the switchboard at: (315) 787-4000.


Update #2 – Thursday

Officials with Finger Lakes Health say the cyberattack that made headlines earlier in the week continued through the day Wednesday.

The latest word from those officials, who have been busy communicating the latest with media throughout the week is that much of the ‘closure’ from electronic formats was a proactive measure.

“In response to learning someone had tried to be in our system — we shut everything down — a lot of it by our choice,” Lara Turbide, vice president of community services for Finger Lakes Health told the Canandaigua Messenger on Wednesday.

Now though, the Federal Bureau of Investigation is probing the attack.

Finger Lakes Health says that an outside entity encrypted some of the electronic systems utilized by the healthcare provider — and is demanding payment to decrypt access.

Until the issue is resolved — it means ‘paper downtime’. FingerLakes1.com spoke with an employee earlier in the week — who noted that it was like ‘stepping back in time’ for many staffers who were entirely unfamiliar with working without computers.

Another employee, who declined to be identified, said that non-essential staff were being asked to ‘stay home’ after the hijack became known by FLH administration. Those employees were instructed that they would have to use ‘sick’ or ‘vacation’ time – or face the alternative of going without pay while Finger Lakes Health dealt with the outage. “It put some of us in a really, really tough spot. Some employees didn’t have any paid time off available, so I’d imagine they’re going without pay while the hospital deals with this.”

Issues with the phone system were reported, but as of late-Wednesday those had been resolved for the most part. Anyone needing to contact a specific line — who cannot get through, can call the main switchboard at (315) 787-4000.

Turbide added on Wednesday, “It takes a little more effort from our staff, things may take a little longer as it requires going back to written notes and paper medical records.”

This story will continue to be updated as more information becomes available. Finger Lakes Health could not be reached for comment on the testimony from the unnamed employee in this report.


Update #1 – Tuesday

Finger Lakes Health has provided an update via official statement on the data breach that was publicized overnight.

“We immediately implemented our manual downtime protocol and procedures which we have practiced for circumstances when computer access is limited,” said Finger Lakes Health in a statement. “We, like many other health systems and businesses, have prepared for this inevitability due to the increase in these types of incidents.”

Finger Lakes Health says they became aware of the breach around midnight on Sunday. While there’s no indication that patient or employee information has been compromised — officials with FLH have no access to their system.

One Finger Lakes Health employee, who did not want to be named in this report, said that it was like ‘stepping back in time’. “We’ve become very accustomed to relying on digital-everything — and this type of breach sets us back 30, 40 or 50 years,” the employee added.

Finger Lakes Health says they’re working with local law enforcement and security professionals to get the system up-and-running as soon as possible.

Online scheduling was impacted by the breaching, according to FLH officials.

Finger Lakes Health operates throughout the region — with locations in Penn Yan, Geneva, Waterloo — and multiple other satellite offices.

This story will be updated as more information becomes available.

 

Also on FingerLakes1.com