There was a different feeling at Bluewater Health this week, three months after hospital systems were shut down amid a cyberattack, the hospital group’s chief executive says.
There was a different feeling at Bluewater Health this week, three months after hospital systems were shut down amid a cyberattack, the hospital group’s chief executive says.
Advertisement 2
Article content
As of Tuesday, core aspects of Bluewater Health’s hospital information system Meditech were back running, said Paula Reaume-Zimmer.
Article content
“Exactly three months to the date that we actually recognized the attack,” she said.
The ransomware attack discovered Oct. 23 that targeted five hospitals, including Bluewater Health, in Lambton, Chatham-Kent and Essex through a shared supply and technology systems provider TransForm Shared Service Organization, led to the widespread outage of hospital systems including patient records, medication lists, as well as payroll and other systems, officials have said.
As of Tuesday, officials had summarized inputting digital records for things such as prescriptions and patient registration, putting aside pens and paper which had been relied on in the interim, Reaume-Zimmer said.
Advertisement 3
Article content
“Radiology, it’s now connected and they’re also testing the process,” she told hospital corporation board members.
“There was a different pulse around the hospital when we rounded,” she said.
“There was a sense of relief to staff.”
Hopes are to continue restoring systems in the coming weeks, she said.
What exactly has been restored and what of Meditech remains down after the attack is unclear.
Communications chief Keith Marnoch said answering that question requires navigating legal implications. More information wasn’t available by press time Friday.
Bluewater Health, alone among the five hospitals affected to have a decades-old hospital information system at the time of the cyberattack, was also hardest hit.
Advertisement 4
Article content
Bluewater Health officials have said 5.6 million of its records dating back to 1992 were stolen, affecting about 267,000 people, and that information has been posted to the dark web.
Stolen data includes social insurance numbers for about 20,000 patients, officials have said.
A $480-million class action lawsuit has been filednaming all hospitals involved in the attack and Transform.
With the exception of the three month gap between the attack, for which hacker group Daixin Team has claimed responsibility, and now, patient records are back, chief of staff Michel Haddad told board members Wednesday.
Without the hospital information system, hospital personnel haven’t had access to things like patient health card numbers, medical histories or medication lists.
Advertisement 5
Article content
Payroll was restored in December, Reaume-Zimmer said — praising staff for those efforts — after Bluewater Health had been using cash advances as a substitute while the Meditech financial module was being restored.
Plans are to continue with Meditech restoration efforts before implementing a new, more secure hospital information system (HIS) called Oracle Cerner, Reaume-Zimmer said.
“Expect probably by the end of February where the team will very quickly shift from recovery to looking at onboarding an entirely new HIS,” she said, noting November is the target date for the switch.
“So, a lot of exciting news.”
Upgrading the hospital information system will bring Bluewater Health in line with the systems of other hospitals affected by the attack, but that were largely immune from patient record theft, officials have said.
Advertisement 6
Article content
Bluewater Health board members also voted to make updates on the hospital information system one of the board’s key priorities, along with developing a board-level equity, diversity and inclusion strategy, and planning for future Ontario Health Team governance.
The effects of the cyberattack were apparent at the board meeting, where the most recent data was from September for several indicators, like how long patients wait for beds, and the percentage of beds being taken up by patients who don’t need hospital care, but have nowhere else to go.
“This a challenge clearly to get information available,” board chair Margaret Dragan said, adding “we will continue to monitor these things and, as the information is available, we’ll get on it.”
Article content