Aspen Valley Hospital able to stave off holiday hijack by ‘ransomware’
Aspen Valley Hospital went into incident command mode for about 36 hours over the Christmas holiday when a malicious software unsuccessfully attempted to get into the system through a third-party vendor.
If not for the quick reaction time of the IT department, the hospital’s operation could have been hijacked, according to Dave Ressler, CEO of AVH.
“It was ransomware where they were trying to encrypt and shut us down and make the vendor pay a ransom,” he said Monday. “We were collateral; it wasn’t a direct hit on us.”
Because of AVH’s robust IT system, which prevents and detects software breaches, the IT department was alerted to the virus as soon as it hit the hospital’s computers.
“The IT department reacted immediately … within minutes,” Ressler said. “They shut everything down.”
That was in the early morning Dec. 25 when AVH shifted to “downtime procedures” in which operations were paper-based.
AVH’s main system, Meditec, which tracks patients, was operational by about 5 p.m. Dec. 26.
Downtime procedures take longer because it requires people to transmit information on paper rather than computers, but AVH was able to maintain patient care even during busy times.
“That’s because we had the right preventative measures and our ability to respond quickly,” Ressler said. “I can’t say enough about the IT department’s dedication and professionalism.
“They really proved their mettle.”
Ressler said the systems in AVH’s clinics were not affected but other things such as internal email could have been.
Lingering effects continued internally for a few days before everything went back to normal, Ressler noted.
“We had to do a sweep of all the systems and that takes a lot of time,” he said. “At no time was our patient information compromised.”
Downtime procedures and incident command have been put in place before, including during the 2018 wildfire near Basalt when electricity was compromised, or when there is a threat to the phone or internet systems.
But as Ressler pointed out, “We have never had a large-scale attack like this.”
Incident command has the hospital function differently by assigning certain individuals to take on additional responsibilities to oversee the operation.
The incident commander was Jennifer Slaughter, AVH’s chief marketing officer, who also praised the IT department.
“They were complete professionals and got us out relatively unscathed,” she said, adding the entire hospital staff rose to the occasion. “It was amazing how they pulled together.”
Support Local Journalism
Support Local Journalism
Readers around Aspen and Snowmass Village make the Aspen Times’ work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Each donation will be used exclusively for the development and creation of increased news coverage.
Start a dialogue, stay on topic and be civil.
If you don't follow the rules, your comment may be deleted.
User Legend: Moderator Trusted User
The Pitkin County Sheriff’s Office is taking the lead in trying to close a gaping hole in the investigation of crimes in the upper Roaring Fork Valley by purchasing license plate-reading cameras likely to be used at the chokepoint entry and exits to Aspen.