Sonoma Valley Hospital Security Incident Blamed on Ransomware
The security incident triggered a significant downtime event, according to the hospital.
UPDATE NOVEMBER 3, 2020: The October 11 security incident that happened at Sonoma Valley Hospital is now being classified as a ransomware attack. It is believed to be part of a coordinated Russian operation targeting as many as 400 U.S. hospitals, reports the Press Democrat.
The hospital said that in response to the attack, it quickly stopped the incident by taking its electronic systems offline. The medical facility didn’t pay the attackers any ransom. While all of this was happening, the hospital was still able to provide emergency care and perform surgeries, as well as perform most diagnostic tests.
According to a statement by the hospital:
After discovering the attack, our cyber security team – in partnership with outside information technology and forensics experts – successfully prevented the cybercriminal from blocking our system access and ultimately expelled them from our system. Prior to our locking out the cybercriminal, the cybercriminal may have removed a copy of a subset of data.
Based on the reports of the investigation, it is possible that some patient medical information was compromised. We do not believe that patient financial information such as financial account information or payment information was affected. Sonoma Valley Hospital’s electronic health record system was not affected by this incident. The forensic investigation is ongoing to identify individual patients potentially affected and specific data involved. We will notify affected patients, as appropriate, when we have more detailed information available to us.
ORIGINAL OCTOBER 29, 2020 ARTICLE:
Sonoma, California – Sonoma Valley Hospital reported last week that a security incident shut down its computers.
In its October 22 notice to patients, the hospital said the October 11 incident “triggered a significant downtime event”:
Currently, the Hospital is maintaining operations while computer systems are being fully restored. We have maintained the ability to care for patients using our business continuity plan.
- Emergency Care remains available 24/7. Necessary surgeries and elective procedures have not been disrupted by the incident.
- The majority of diagnostics are being continued without interruption.
- The patient portal remains available but new results have not been posted to the portal since October 11.
The Hospital immediately initiated an investigation. We have partnered with outside experts to help us investigate and remedy this incident. We will provide updates as the investigation progresses.
Some patients who were waiting for their test results were repeatedly told to check back with the hospital, reports the Sonoma Index-Tribune. One woman attempting to schedule a mammogram told the newspaper she was delayed in making her appointment for at least a week due to Sonoma Valley’s computer problems.
It is unclear what caused the security incident and if it was ransomware.
Sonoma Valley Hospital is just the latest medical facility to experience IT disruptions. In September, all 250 of Universal Health Services facilities’ computer networks were affected by a malware attack.
The cost of such breaches is expensive. In mid-October, 28 states won a nearly $5 million judgement against Tennessee-based CHS/Community Health Systems Inc. and its subsidiary, CHSPSC LLC, over a 2014 data breach that affected approximately 6.1 million patients. The settlement followed a $2.3 million settlement by the Department of Health and Human Services for Civil Rights over the same security incident.