It's been nearly a week since a virus took down Erie County Medical Center's computer system, and the Buffalo, N.Y.-based system still doesn't have the system completely back up and running—though it hopes to return full service by the weekend.
ECMC's system went down on April 9 after being struck with a virus. No patient data was breached, but 6,000 desktop computers needed to be erased and ECMC kept the entire computer system offline to minimize damage.
GrayCastle Security, a Troy, N.Y.-based cybersecurity firm, has been helping ECMC bring its computer system back online by using patient, financial and human resources records stored on a back-up.
In the meantime, ECMC, which has 602 beds, has had to reschedule some non-essential surgeries, manually admit patients and write prescriptions. Providers had limited access to patient records on laptops, but they were unable to edit EHRs.
The virus was unleashed by hackers demanding ransom, two sources told WGRZ, Buffalo's NBC affiliate. ECMS has neither confirmed nor denied the allegation.
ECMC is not required to alert HHS of the breach because it didn't affect patient data. HHS must be notified of any breach involving protected health information that affects 500 or more patients.
The virus hit a few days after a U.S. House of Representatives committee heard testimony about cybersecurity in healthcare. In the hearing, held before a subcommittee of the House Committee on Energy and Commerce, members of the healthcare industry asked for a government liaison to work with the private sector and facilitate public-private partnership on cybersecurity.