AUSTIN (KXAN) — More than 24 hours after concerns cropped up about Seton hospital’s computer network being compromised, KXAN has learned more about what went wrong.
The Seton Healthcare group says a virus targeting hospital systems attacked Seton’s network Sunday night. Fortunately, the attempt was unsuccessful, meaning no data was lost or encrypted. Seton says teams responded quickly and shut down about 3,600 devices to protect sensitive patient and hospital data. The rest of the devices are expected to be back to normal by Wednesday night.
KXAN learned hospital staff drill for these types of cases and switched immediately to paper forms. Because of that, Seton says backup staff was called in to ensure proper patient care.
Normal computer operations have now been restored at five sites, including Dell Seton Medical Center at The University of Texas and Dell Children’s Medical Center of Central Texas. Seton says neither Seton Smithville Regional Clinic nor Seton Shoal Creek experienced any outage.
In a statement, Seton Healthcare Family wrote, “What’s important for you to know is that health care operations have been normal throughout this incident with one exception: out of an abundance of caution for patient safety, for a seven-hour period Sunday night we instructed emergency medical services to take stroke and some heart patients to other area hospitals. That diversion ended during the pre-dawn hours Monday.”
KXAN also reached out to St. David’s HealthCare, to learn about its efforts to protect the hospital system’s computer network and electronic medical records.
“Our efforts to protect data across our healthcare system include ongoing education for our employees, physicians, vendors and others to maintain awareness of safe practices that can help ensure compliance and the security of our information. We also have a number of robust security strategies, systems and protocols in place to help protect data, and we have detailed alternative operational and recovery procedures as part of our broader hospital preparedness plans,” Chief Information Officer Mike Blom wrote in a statement.
According to the U.S. Department of Health and Human Services, the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals to have a response plan for any disruption to electronic health records. This used to be more for natural disasters, like Superstorm Sandy, which damaged systems and prevented access to medical records. But more recently, cyberattacks are to blame for limited access.