ROCHESTER, N.Y. (WROC) — A ransomware attack at Jordan Health caused the center to take precautions and shut down computers at the facility.
The center first became aware of suspicious activity on its servers Wednesday night, and decided to take action.
“We went dark. literally shut every single server, every single computer, every single laptop in the organization,” said Jason Dunn, the Chief Operating Officer at Jordan Health.
On Wednesday, the center convened an emergency team that activated a plan to stop the threat. They’re now working with the FBI and others to restore the system, and investigate the attack. So far, forensics show patient data was not accessed. That information is stored on a separate and encrypted server that was not targeted in the attack.
Either late Wednesday or early Thursday, the center received a ransom note. The note told the center that their server had in fact been compromised, and listed an email where officials at Jordan Health could reach the attackers.
“They actually managed to have it print to a number of printers on our system. so we found it on the printers this morning,” said Dunn.
According to Jordan Health, the center did not respond to the note and has no plans to do so.
“We serve some of the poorest of Rochester’s community. We serve the under-served, we work on a shoe string budget, and why anyone would think that we would be in a position to pay a ransom is beyond me. And the impact it could have on our patients if we were not ready could be disturbing,” said Dunn.
The center is currently operating manually and relying on paper records as opposed to standard electronic medical records.
“If you are a patient and you do need to come in, we’re asking a small favor. When you come in bring a photo id, bring your insurance card. And please bring your medications. We’re open, we’re seeing patients, but without the MR we don’t have access to the medication list, so it’s a real help when patients bring their medications and we can check them,” said Dunn.
Jordan Health hopes to be running with all servers and computers running as normal by mid-day Friday.