If it sounds like a ransomware attack and they won’t tell you what’s going on for more than one week, I think ransomware sounds like a reasonable guess, and DataBreaches understands why some people are suggesting that.
On November 25, The City reported:
The computer network system at a major Brooklyn hospital network has been offline since Nov. 19 – leaving medical staff unable to access patient medical records or to upload laboratory and test results to electronic patient portals, according to doctors and other people aware of the situation.
The outage affects One Brooklyn Health System, a consortium that comprises Interfaith Medical Center, Brookdale Medical Center and Kingsbrook Jewish Medical Center.
The situation is ongoing. Yesterday, The New York Post reported:
Patients from Brookdale, Interfaith and Kingsbrook Jewish hospitals — part of the One Brooklyn Health System — have had to seek treatment at other hospitals amid the cybersecurity mess, which has left medical staffers unable to access patient records, sources told The Post.
Some media outlets seem to be getting caught up in city and state politics over this. That’s unfortunate. Let’s focus on the real issue right now — patient care has been disrupted and is at risk of medical errors due to lack of access to records. One Brooklyn is reportedly transferring patients to other hospitals without any explanation, and according to one source for the New York Post’s story, FDNY’s EMS service kept sending its ambulances to One Brooklyn hospitals because no one told them that One Brooklyn had an IT problem.
Where and what was One Brooklyn Health’s emergency plan? Was it implemented correctly or didn’t it get implemented promptly and completely?
When asked for an explanation about the outage which the NY Post described as a “crash,” Department of Health spokesperson Jeffrey Hammond reportedly told the press, ““We are aware of the incident, and we are working with One Brooklyn Hospital Network to ensure patient safety. As this is an ongoing investigation, we cannot comment further.”
That last statement is factually incorrect. They certainly can comment further. There is no law that prohibits the DOH or Brooklyn One Health from being forthright with the patients and public. If this is a ransomware attack, as it appears to be, or even if it isn’t, given the lengthy disruption, they should acknowledge it, hold a press conference to get the word out about disrupted services and expectations, and then post a notice on their website to explain to patients what is going on.
Communications are crucial.