Weeks after the Roy Schneider Hospital suffered an attack on its computer systems, a top official declared the problems caused by malware solved. The ransomware attack on St. Thomas lasted several weeks, while the territory’s second hospital – Gov. Juan Luis Hospital on St. Croix – remained unaffected.
Schneider Regional Medical Center’s Vice President of Information Systems, Brandon Richardson, added that the malware attack appeared to have come from a large, well-organized, and sophisticated source – possibly a state-sponsored organization.
And, he said, with help from federal partners, the center escaped without having to meet the attacker’s financial demands. The St. Thomas attack in early July is believed to have been one of many striking U.S. health care facilities in recent months. Officials at the FBI say 249 hospitals and health care providers nationwide were targeted by ransomware in 2023.
“ … we did not pay any ransom. It took us pretty much about a month to get back up. About a month and change; It depends when you call back up … I would say probably about six weeks,” Richardson said. “We were heavily attacked. We looked, we spoke to the federal partners, and they said, ‘You know, they tend to focus on health care systems.’”
The information tech executive expressed confidence that the malware fix was completed and systems that relied on its function were restored intact. “We went to paper (systems) and then once we got the system back up we went back to where we were, but some of our systems were using paper – like in surgery they’re still using paper. The majority of the system is fully electronic,” Richardson said.
Hospitals commonly rely on computer systems to manage patient records, inventory and billing information, but also to perform diagnostic tests like CT scans.
Richardson said the July cyberattack showed up as an email that, once opened, spread malware throughout the computer system. “ … we had noticed we had some inconsistencies in the network, and we did an assessment, and we realized that it was indeed ransomware,” he said.
What was learned through the process of identifying and solving problems was shared at meetings of the Health and Hospitals Facilities Corp. board. That allowed officials at Schneider Regional to share insights with their counterparts at Juan Luis Hospital.
“We shared with them everything that we experienced … we explained to them that it’s not an individual. This was a well thought out plan, and based on the information that we did get from the feds,” he said.
The hospital executive did not name the federal partners who came to help eradicate malware from their systems, but he did mention the National Institute of Standards and Technology and the Cybersecurity Infrastructure Security Agency. Established in 2018, the Washington, D.C.-based cybersecurity agency strives to work in public-private partnerships to solve problems and create sound infrastructure for the internet.
Richardson also credited efforts by the International Criminal Police Organization – Interpol for its role in solving St. Thomas’ malware infestation.
