13 clinics still closed following this week’s cyberattack
Heritage Valley tries to clean up software
No decision had been made Friday about a possible reopening of the Heritage Valley Health System clinics, which were forced to close after a cyberattack disabled the system’s computer network earlier in the week.
HVHS spokeswoman Suzanne Sakson said the hospital system has been intent on getting the outpatient network cleared of malicious software that paralyzed the Beaver-based nonprofit Tuesday. “Everybody’s focused on bringing everything up,” she said about the computer network.
Thirteen Heritage Valley Health System clinics remained closed Friday as the hospital system worked to restore computer networks that were knocked out Tuesday, which prevented doctors from accessing patient records. The clinics include seven so-called medical neighborhoods, plus blood draw and diagnostic clinics in Beaver, Allegheny and
Lawrence counties and Calcutta, Ohio. Heritage Valley Women’s Health Center in Center Township was also closed.
Lab and diagnostic imaging services at Heritage Valley Beaver and Sewickley hospitals were operational, and so were the system’s Convenient Care walk-in clinics.
The cyberattack at HVHS came five months before the Centers for Medicare and Medicaid Services requires hospitals to strengthen preparedness and maintain continuity of services during an emergency. Included in the new rule is a comprehensive framework for risk assessment and training exercises.
The new rule was under consideration for several years, according to CMS, the federal agency that controls hospital reimbursement, and grew out experiences with the terrorist attacks of Sept. 11, 2001, Hurricane Katrina, the H1N1 virus outbreak and other man-made and natural disasters.
In addition concerns about patients accessing care during such closures, the cyberattack also deprives the health care system of revenue from providing medical care, the lifeblood of every hospital.
In fact, insurance policies covering cyberattacks have been gaining popularity over the past five years as premiums have dropped, according to Tom Philbin, senior vice president at Downtown-based insurer Henderson Brothers Inc.
“It’s the hottest ticket we have,” Mr. Philbin said. “Everybody is buying it.”
The kind of malware that infected HVHS’s computers essentially locks up the network and demands payment in non-traceable currency, such as bitcoin, to free the documents. But Mr. Philbin said the ransom is small potatoes compared to the illegal reimbursement attackers can gain by exploiting hacked billing information. “It’s evolving so fast,” he said.
HVHS was swept up in a cyberattack that hit corporations and governments worldwide. The National Health Information Sharing & Analysis Center, a nonprofit Ormond Beach, Fla.-based cybersecurity agency, on Thursday reported testing a “vaccine” for the malware, which could prevent and stop the spread of the computer virus. The malware is believed to have originated in Ukraine.
Meanwhile, the Hospital & Healthsystem Association of Pennsylvania, a Harrisburg-based trade group, has offered to help HVHS, according to spokeswoman Rachel Moore. She referred questions to Ms. Sakson, who declined to discuss specifics of the attack and said HVHS would continue issuing updated statements.