Enloe Medical Center’s EMR Downtime Because of Ransomware Attack

A ransomware attack two weeks ago on Enloe Medical Center in Chico, CA is still keeping the California healthcare provider’s medical record system out of action.

Enloe Medical Center identified the attack on January 2, 2020. The attack encrypted its entire network, including the electronic medical record (EMR) system, so staff cannot access patient information. The provider quickly implemented emergency protocols to continue providing care to patients. Only a few elective medical procedures were rescheduled.

The attack also took the telephone system out of action on the day it occurred. Enloe Medical Center had the telephone system restored the next day; however, its EMR system remained out of action. Employees are using pen and paper to record patient data.

Although some appointments were canceled one week after the attack, Enloe Medical Center is making sure that patients receive care promptly while the technical team works on restoring systems. No information has been publicly disclosed about the type of ransomware used by the attacker. However, according to the initial findings of the investigation, patient data was not compromised.

Enloe’s chief financial officer, Kevin Woodward, said that the company took immediate steps to restore critical operating systems and to secure the network upon learning of the incident. At this time, there is no evidence indicating that patient medical data was compromised. Enloe has reported the ransomware attack to local and federal law enforcement agencies, and the investigation is ongoing.

Ransomware attacks increased continuously throughout 2019, and the trend will most likely not slow down. Besides encrypting files, a number of ransomware gangs are using a new strategy to increase the likelihood of receiving ransom payments: they steal sensitive data before deploying the ransomware.

The latest attacks used various ransomware variants, including MegaCortex, Maze, LockerGoga, and Sodinokibi. The attackers stole data prior to deploying the ransomware. Those that used the Maze and Sodinokibi ransomware threatened to expose the victims’ stolen information if they did not pay the ransom. The threat actors actually published the sensitive data when the victims decided not to pay.