Sonoma Valley Hospital has confirmed that its October 11 system-wide computer shutdown was the result of a ransomware attack by hackers who demanded money in exchange for restoring access.
“The hospital has not paid ransom and is cooperating with law enforcement,” said Celia Kruse de la Rosa, SVH public information officer.
The attack is likely part of a Russia-based hacking campaign that could target as many as 400 hospitals and clinics nationwide, according to the New York Times, which said some 30 incidents have been reported so far.
SVH is still recovering from the October 11 attack in which some patient information “may have been compromised.”
Responding to the attack, the hospital quickly took its systems offline, de la Rosa said, but the hackers may have copied data — including medical information — before being locked out.
A cybersecurity team successfully prevented the attacker from blocking SVH access, she said. But although the intruder was ultimately locked out, “the cybercriminal may have removed a copy of a subset of data. Based on the reports of the investigation, it is possible that some patient medical information was compromised.”
As for patient financial data, SVH “does not believe financial account information or payment information was affected.” Nor was the hospital’s electronic health record system, de la Rosa said.
The forensic investigation is ongoing to identify individual patients potentially affected and specific data involved. SVH will notify affected patients when more detailed information is available.
Those concerned may call a dedicated and confidential toll-free response line at 877.374.2465. The special line is staffed with professionals familiar with this incident and knowledgeable about precautions to take. It is available Monday through Friday, 8:00 a.m. to 5:00 p.m.
SVH stresses that Emergency Care is fully functional, and necessary surgeries and the majority of diagnostic tests are continuing without interruption.
Nationally, up to 400 American hospitals are being targeted, according to the Times and other outlets. The attacks are intended to take those facilities offline and hold their data hostage in exchange for multimillion-dollar ransom payments.
SVH did not comment on the specific demands made by the October 11 attacker.