On January 30, the Meadville Tribune reported that Meadville Medical Center was investigating what appeared to be an attack on the employee payroll system. No patient data was believed to have been impacted.
On March 26, however, and only days after furloughing hundreds of employees due to the decreased volume of patients coming to the hospital because of the pandemic, the center was hit with what appeared to be an malware attack that impacted the electronic health record system and email. The center optimistically reported that they would have the EHR system restored by that weekend.
It didn’t work out quite that quickly, though. According to an AP report yesterday, the EHR system was brought back online starting 5 days after the attack, but other systems remain down even now, three weeks later. Now the hospital is saying it expects “the vast majority of core systems to be restored and functional this week.”
The hospital also informed AP that there was no indication of “any unauthorized access to or taking of patient information.” Except that the hospital couldn’t access the EHR and that they had to resort to other systems while they couldn’t restore the EHR?
There has been no report that the furlough was in any way related to the attack, and the medical center has not reported receiving any ransom demand associated with the attack. DataBreaches.net has reached out to the center to seek more details about the malware and any ransom demand, and will update this post if a response is received.