Ransomware Attack on Enloe Medical Center Caused EMR Downtime

Enloe Medical Center in Chico, CA suffered a ransomware attack two weeks ago, and the California healthcare provider's electronic medical record (EMR) system is still offline.

Enloe learned of the ransomware attack on January 2, 2020. The attack encrypted files across its entire network, including the EMR system, leaving staff unable to access patient data. The provider promptly put emergency protocols in place to keep delivering health care to patients and had to reschedule only a number of elective medical procedures.

The attack also took the telephone system out of service, but it was repaired the following day. The EMR system was not fixed, so employees had to use pen and paper to log patient information.

Although some appointments were canceled a week following the attack, Enloe Medical Center has made sure that patients receive care promptly while the systems are being restored. No information has been made public about the type of ransomware the attacker used. However, based on the preliminary findings of the investigation, patient information was not compromised.

Enloe's chief financial officer, Kevin Woodward, stated that immediate actions were taken to restore critical operating systems and to protect the network when the incident was discovered. So far, no evidence has been found that indicates a compromise of patient information. The ransomware attack has been reported to local and federal law enforcement agencies, and the investigation is still in progress.

Ransomware attacks continued to increase throughout 2019, and they are unlikely to slow down. Apart from encrypting files, certain ransomware gangs use a new technique to pressure victims into paying the ransom: they steal sensitive information before deploying the ransomware.

The most recent attacks deployed different ransomware variants, such as MegaCortex, Maze, Sodinokibi, and LockerGoga. The attackers stole sensitive information before installing the ransomware. In attacks that used the Sodinokibi and Maze ransomware, the attackers threatened to expose the victims' sensitive data if the ransom demand was not paid. The threat actors then actually exposed the sensitive information of victims that did not pay the ransom.