Emergency preparedness is a vital component of healthcare management. Unfortunately, preventing cyberattacks has now become as essential as planning for natural disasters, mass shootings, epidemics and a litany of other potential catastrophes.
Earlier this month, Hackensack Meridian Health was the victim of a targeted ransomware attack. Despite our growing awareness of the frequency of these attacks and preparation, it packed the punch of a hurricane.
Numerous computer applications were hobbled, including call bells in some locations so we provided patients with actual bells and increased staff. Clinical teams immediately went to backup procedures, including writing physician orders on paper. Prescriptions were filled manually in some of our pharmacies.
As a healthcare executive for 35 years, I have seen my share of jammed emergency rooms from all sorts of mayhem: multivehicle pileups, deadly fires and the fallout from chemical explosions. Those scenes are disturbing, but it's what we do: We snap into action and save lives. This was surreal and unsettling: a faceless criminal enterprise crept into our hospitals and physician offices, our labs and our pharmacies, to impact operations in pursuit of a payout.
Our network, which includes 17 hospitals and more than 500 patient-care locations, was saved by countless acts of heroism. Our IT teams worked around the clock to restore functionality; our clinical teams quickly converted to backup practices that include a lot of paper; our vice president of payroll worked 30 hours straight to ensure people got paid. Our physicians and team members really pulled together in this crisis.
Four days into the attack, our core clinical systems were fully restored. Our entire network reported fewer than 100 elective procedures rescheduled. Patient volumes remained the same or higher than is typical for this time.
As we continue to stabilize our network, there are lessons to share: