
WOONSOCKET — Thundermist Health Center shut down their electronic health records system Thursday after employees discovered portions of the database were not accessible, which IT personnel attributed to ransomware, then restored the system from a backup and prevented the attack from reoccurring.
The health center is operating normally after opening this morning under regular hours, with the electronic records system restored by 10 a.m., said Amanda Barney, associate vice president, communications and development. Yesterday, while the electronic record system was shut down, she said, the health center operated according to its emergency plan and kept records on paper forms.
The health center canceled appointments on Thursday with patients who could not be served without the electronic record system.
Barney said the health center was first alerted to the attack at about 8:12 a.m. Thursday when employees realized they couldn’t access parts of the electronic health records. IT personnel at the center quickly determined the access difficulty was caused by ransomware.
“There was a signal that it was ransomware,” Barney said.
The health center shut down the system immediately, and IT personnel at the center began working to prevent the ransomware from infecting the system again. The electronic record system was then restored from a backup made prior to the attack and is now protected against it, and the center began operating normally.
Barney said that Thundermist contacted the R.I. Department of Health and the R.I. State Police about the attack, and that the FBI’s cybersecurity unit is investigating the attack.
Laura Meade Kirk, director of public information at the R.I. State Police, referred questions to Thundermist. The FBI declined to comment on the matter, and would not confirm they are investigating the attack.
Barney said Thundermist cares for about 45,000 people who are part of the electronic health record system. She said that their IT personnel are confident there was no data lost to the ransomware attack. Ransomware, she said, encrypts data on a victim’s servers, but doesn’t steal it. Rather, she said, the attacker demands payment, or ransom, to unlock the data.
Barney said their chief information officer, Christopher Antonellis, said that when a cyber attack removes information from a system, there are signs alerting them that information was taken.
“But there are no indications or signs that any information was moved out of the system,” Barney said.
Rob Borkowski is a PBN staff writer. Email him at Borkowski@PBN.com.