ST. CROIX — Enhancements implemented at Schneider Regional Medical Center following a ransomware attack in July allowed the St. Thomas hospital to quickly recognize a second cyberattack that occurred Sunday before it spread through the entire system, the hospital’s CEO said Wednesday during a monthly meeting of the Virgin Islands Government Hospitals and Health Facilities Corporation, known as the territorial hospital board.
The hospital has segregated the affected area and restored internet and phone access in addition to notifying federal authorities, including the FBI and the Cybersecurity & Infrastructure Security Agency, to complete a full investigation to determine the source of the ransomware attack, Tina Comissiong, SRMC chief executive officer, said during the virtual meeting.
“Although we were attacked again, this attack, we expect it to have much less impact than the first one,” she said.
Comissiong said SRMC is internally preparing to restore its electronic health record system. In response to a question from Jerry Smith, board vice chair, she said the system is expected to come back online next week.
“We’ve already done most of the scanning of all of our devices and the systems, and we are in the process of reloading all of the information on the system,” she said, adding that a third-party vendor will give the all clear from an information technology standpoint to bring the system back online.
In the meantime, Comissiong said the hospital is following its continuity of operation plans and providing all clinical services as usual.
“We are operating under our downtime procedures, which our staff are well-versed on,” she said. “We’re maintaining good notes and clinical documentation around the care that we’re giving, and our teams are prepared for a systematic, orderly reentry of that downtime data into the system once we get the all clear from IT.”
Considering SRMC has been the victim of two cyberattacks, Smith questioned the security of the electronic health records the hospital maintains for its patients. Comissiong highlighted efforts to strengthen the system to better handle any attempted attacks, including an improved firewall and up-to-date antivirus software on all the hospital’s devices.
“It’s actually what allowed us to catch this unknown actor in the system a lot sooner than might have happened in the past,” she said. “We’ve created a lot more dual factor authentication where that’s possible. We’ve segregated the system a lot more so that there is not an ability for a single attacker to move through the system from point to point.”
SRMC continues to back up its data more regularly, Comissiong said, noting the hospital has off-site copies so it can ensure the legacy data is protected. She said the hospital has also partnered with the Bureau of Information Technology to provide internal staff training.
“We know that a lot of these bad actors get in through user error and clicking on a link that you shouldn’t click on, etcetera,” she said. “We’ve done a lot of effort in training our staff. We know these attackers are very, very savvy.”
For instance, Comissiong said an employee could receive an email that looks legitimate except for one extra character in the address. She said an employee could click on a link thinking it was from a legitimate source. While financial institutions were previously the primary targets of cyberattacks, she said health care organizations are now the No. 1 targets.
“We have to do our due diligence and do everything we can to have a very strong system,” Comissiong said. “We want the public to know that we’ve given full access and really handed everything over to the federal authorities, including the FBI, CISA and others, so that they can investigate as well and try to find the source of the attack.”
The first cyberattack at SRMC in July did not solely target the hospital, Comissiong said.
“There were multiple organizations that were hit by that same attacker, even at a national level,” she said.
In addition to working with BIT and Virgin Islands Next Generation Network as well as with private-sector partners to strengthen the hospital’s system, Comissiong said SRMC is going to have a company do penetration testing to determine if there are any holes in the system and make recommendations on how to close them. She said an entity will also monitor the hospital’s system around-the-clock to look for anomalies that could suggest whether there is an unauthorized user so SRMC could proactively shut it down before any cyberattack.
“We’ve done a lot and we have more to do, and we want the community to continue to trust us with their care and know that we have their best interest at heart,” Comissiong said.