Appalachian Regional Healthcare Hit with Cyber Attack, Systems Down for a Week | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Appalachian Regional Healthcare Hit with Cyber Attack, Systems Down for a Week

September 2, 2016
by Heather Landi
| Reprints
Click To View Gallery

Appalachian Regional Healthcare (ARH), a health system with hospitals in eastern Kentucky and southern West Virginia, is still in the process of trying to restore its systems following a cyber attack that was discovered Saturday, Aug. 27.

Last Saturday, ARH Spokesperson Melissa Cornett released a statement saying the health system was dealing with technical complications.

The ARH system of hospitals in Kentucky and West Virginia are operating under their Emergency Operations Plan due to a computer virus "that has limited our use of electronic web-based services and electronic communications," Cornett said in her statement on Aug. 27.

ARH operates 11 hospitals, two in West Virginia and nine in Kentucky.

On Tuesday, Cornett released a statement saying officials do not believe at this time private patient information has been compromised. “ARH continues to work with authorities and computer experts to address the problems and restore our systems to operational capacity as quickly as possible,” she stated.

“In the meantime, ARH would like to emphasize that we presently have no reason to believe that the protected health information or any financial information of our patients or employees has been accessed. Please be assured that ARH will investigate this fully, and will take prompt action to notify and protect patients and employees if it appears that their private information has been accessed.”

Since Saturday, ARH employees had been tracking patients and performing their jobs without access to any of the hospitals’ computerized systems, Cornett said Tuesday afternoon.

Cornett further stated, “ARH’s hospitals and other locations of care across eastern Kentucky and southern West Virginia remain open, and our staff is working hard to continue to provide the same level of quality healthcare to our patients while we recover from this cyber attack. We appreciate the extra efforts of our outstanding workforce, and the patience of the people we serve, as we work through the inconvenience of having computer systems out of service.”

Cornett said all ARH computers were shut down to prevent further spread of the virus and all paperwork is being managed manually. She said staff will assess all critical patients to determine if they should be transferred to another facility for care. Officials ask patients visiting a physician practice to bring all prescribed medications to upcoming appointments until further notice.

Local news station WYMT, a CBS affiliate, reported on Tuesday that federal authorities are investing the cyber attack at ARH. "A law enforcement source told CBS News that they are aware of a cyber breach at ARH. CBS News reports the incident appears to be ongoing. When asked whether it was a ransomware case, a situation in which hackers demand money, an FBI spokesman would not comment except to say ‘they cannot confirm or deny the existence or non-existence of an investigation,’” the WYMT report stated.

A number of hospitals have been hit with ransomware attacks in the past year, and the situation at ARH, with a computer virus requiring the shut-down of most of the computer systems, bears some similarity to those attacks. In February, Los Angeles-based Hollywood Presbyterian had to operate without its computer systems and without access to electronic health records for more than a week. The computer systems were only restored after the hospital paid hackers $17,000. In late March, the MedStar Health system, based in Columbia, Md., and serving the Washington-Baltimore corridor, also was hit with a ransomware attack and systems were down more than a week. MedStar Health officials denied that any ransom was paid related to the cyber attack on its computer networks.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

White House Proposes Restructuring, Renaming HHS as Part of Broad Reorganization Plan

A sweeping government reorganization plan released by the White House Thursday proposes restructuring and renaming HHS, including moving many public assistance programs from USDA to HHS.

CMS Introduces Data Element Library

The Centers for Medicare & Medicaid Services (CMS) has announced the launch of its Data Element Library (DEL), with the overarching goal to support the exchange of electronic health information.

Data Breach at Health Billing Company Exposes PHI of 270,000 People

A healthcare data breach at Med Associates, a Lathan, N.Y.-based health billing company, that may have exposed the protected health information (PHI) of 270,000 people, according to local media reports.

CMS to Host Blue Button 2.0 Developer Conference

The Centers for Medicare & Medicaid Services will host the first Blue Button 2.0 Developer Conference at the General Services Administration national headquarters in Washington, D.C., on Monday, Aug. 13, 2018.

House Passes Bill to Align HIPAA, 42 CFR Part 2

The U.S. House of Representatives recently passed a bill designed to align 42 CFR Part 2 with HIPAA for the purposes of health care treatment, payment, and operations. One goal of the change is so that care can be better coordinated and providers can have appropriate access to all of a patient’s medical record, including information about substance use disorders.

MedStar Health Awarded Grant to Pilot Apps for Patient-Reported Outcome Data

A team of researchers from Maryland-based MedStar Health has been awarded an 18-month contract from AHRQ to support the development and testing of technical tools and apps that can be used to collect patient-reported outcome data.