Ransomware attack on hospital siphons patient, staff info

Hackers who infiltrated and shut down the computer system at OakBend Medical Center on Sept. 1 also siphoned off “sensitive patient and employee” personal information, a spokesman confirmed Thursday.

The hackers, whose identify is still unknown to hospital executives, uploaded ransomware virus into the hospital’s computer system, effectively shutting it off until a ransom was paid, said Ivan Shulman, public information officer for the hospital group.

The computer system controls telephones, internet access, emails and even software that controls the flow of oxygen and other healthcare equipment. Shulman said at no time were patients in jeopardy because of the computer virus. Shulman said the hospital informed the FBI and the Fort Bend County Cyber Task Force and then put up a firewall to prevent the hackers from doing further harm, Shulman said.

“We walled off the hospital to prevent outside people from getting in,” he explained. Only now is the hospital system getting back online. Presently, the hospital can once again send and receive emails, go online and use telephones; however, voicemail is still unavailable. OakBend explained the problem it was facing on its website.

“IMPORTANT ANNOUNCEMENT”

“On Thursday, September 1, 2022, OakBend Medical center was hit by a ransomware attack. Ramsomware is a malware designed to deny a user or organization access to files on their computer by encrypting these files and demanding a ransom payment for the encryption key,” the hospital explained on its website.

“In accordance with OakBend’s protocols, our IT team immediately took all systems offline and placed our systems in a lock-down mode.

“At no time was patient safety ever in jeopardy.

“The OakBend Medical Center ransomware issue was immediately turned over to the FBI, CYD, and the Fort Bend County Government Cyperteam to investigate all issues. OakBend’s IT team and CFO secured all patient-centric systems.”

“Experts from Microsoft, Dell, Malware Protects, and our own IT staff have cleared our system for rebuilding. Rebuilding our system may cause temporary communication issues for our patients, vendors, doctors and administrators. Once the virus attacked the hospital’s computer system, the hospital system implemented its hurricane disaster plan. That plan, which envisions a loss of power and computer use, requires staff to use paper charts and paper prescription plans as were used in decades before computers.

“We will post updates often and have listed alternative contact methods. Thank you for your patience as we work through this,” the hospital announced on its website.

Here is the list of alternative phone numbers:

Accounting, 281-633-4036; administration, 281-341-4069; BioMed, 281-341-2010; business office, 281-341-4816; cardio, 281- 341-4802; case management, 281- 341-2810; communications, 281- 341-3000; dietary, 281-283-7846; ER, 238-341-6800; facilities, 281-238-7838; HIM, 281-341-4852; human resources, 281-341-4831; ICU, 281-344-6200; JS med/surgery, 281-344-6500; lab, 281-341-4876; materials mgmt, 281- 341-2009; perinatal, 281-341-4840; pharmacy, 281-341-4884; radiology, 281-341-4861; senior behavioral health, 281-341-7868; WW med/surgery, 281-341-3033.

“We continue to diligently work with national cyber authorities and have thus confirmed that sensitive information was breached within our hospital infrastructure on patient and employee levels,” the hospital announced on its website.

“Please allow us the time to appropriately address this with proper disclosure from the government.”

Shulman said the hospital is waiting to receive a list of names of the employees and patients whose personal information was taken during the breach. Once the hospital system has the list of names, those whose sensitive personal information was taken will be notified, he said.

“The most important thing people should know is that we are open for business and patient care has not suffered because of this,” Shulman said.