AGH ER-3 copy.jpg

Atlantic General Hospital in Berlin experienced a ransomware attack early Sunday that took the network offline and has officials and investigators scrambling to address the issue.

Hospital officials, feds investigating cause, severity

Atlantic General Hospital officials and federal authorities continue to investigate the cause and effect of a cybersecurity attack that seized control of the hospital’s computer network Sunday and continues to hold it for ransom.

“Atlantic General Hospital is experiencing a ransomware event within our network,” Toni Keiser, the hospital’s vice president of public relations, said in an email Monday afternoon. “We are working diligently to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality to our systems as soon as possible. The incident has caused network outage issues with limited patient interruption.”

A ransomware attack is when hackers plant encrypted files in a computer system that lock out the network’s owner. The perpetrators then demand payment for the keys to unlock the encryptions.

Keiser said in another email on Tuesday that information technology personnel alerted hospital administrators to the issue early Sunday morning. She said officials have been “working around the clock” since to restore the system.

In the meantime, the hospital has employed “downtime procedures,” which means staff are using other means to handle information that is not dependent on the central computer system.

Keiser said AGH department heads, administrators and staff are following plans to care for patients safely and maintain hospital operations using non-network practices.

The focus of the procedures is “to ensure patient safety and continuity of care when clinical systems are impaired or completely unavailable,” she said.

Keiser also said that hospital personnel are doing whatever they can to protect the privacy and security of all information within the system, which includes patient records. And that assumes they have anything to do, as federal cybersecurity officials say a ransomware attack does not always involve a breach of sensitive data.

According to the Federal Cybersecurity & Infrastructure Security Agency, the goal of ransomware attacks is to strike quickly, take over a system, collect a ransom to re-open it and move on to the next target.

A data breach, however, can be a separate event that takes more time because accessing the information in a system involves more than gaining entry. It means getting to files through more layers of security and, in the case of sensitive information, cracking the encryptions that protect those files.

Even while the network is down, the hospital’s emergency room is still receiving and treating patients, Keiser said, and elective surgeries and other outpatient services are continuing. The Atlantic General Health System offices also remain open to care for acute patients. Personnel are still treating patients as well in the John H. “Jack” Burbage Regional Cancer Center, pulmonary function center, wound and endoscopy centers, and the facility’s behavioral health crisis center.

The hospital outpatient walk-in laboratory will be closed as the network issue is addressed, and patients scheduled for imaging will be contacted to reschedule their appointments until further notice.

While ransomware attacks have not typically occurred in this area, a little over a year ago cybercriminals took over the Maryland Department of Health network and held it hostage. That strike was one of more than 3,000 such attacks that occurred nationwide over the past two years, according to the security agency.

Agency officials, members of the FBI and others have publicly said the threat of these attacks has grown considerably since the pandemic, as criminals deploy malicious software — “phishing” — in fake emails and spam, and gain access to systems through some less secure connections that many people use to get in to their office servers while working from home.

Hospital officials have not indicated whether a ransom demand has been made or whether they plan to pay if one exists.

This story appears in the Feb. 3, 2023 print edition of the OC Today.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.