Aspen Valley Hospital able to stave off holiday hijack by ‘ransomware’ |

Aspen Valley Hospital able to stave off holiday hijack by ‘ransomware’

Aspen Valley Hospital.
Aspen Times File

Aspen Valley Hospital went into incident command mode for about 36 hours over the Christmas holiday when a malicious software unsuccessfully attempted to get into the system through a third-party vendor.

If not for the quick reaction time of the IT department, the hospital’s operation could have been hijacked, according to Dave Ressler, CEO of AVH.

“It was ransomware where they were trying to encrypt and shut us down and make the vendor pay a ransom,” he said Monday. “We were collateral; it wasn’t a direct hit on us.”

Because of AVH’s robust IT system, which prevents and detects software breaches, the IT department was alerted to the virus as soon as it hit the hospital’s computers.

“The IT department reacted immediately … within minutes,” Ressler said. “They shut everything down.”

That was in the early morning Dec. 25 when AVH shifted to “downtime procedures” in which operations were paper-based.

AVH’s main system, Meditec, which tracks patients, was operational by about 5 p.m. Dec. 26.

Downtime procedures take longer because it requires people to transmit information on paper rather than computers, but AVH was able to maintain patient care even during busy times.

“That’s because we had the right preventative measures and our ability to respond quickly,” Ressler said. “I can’t say enough about the IT department’s dedication and professionalism.

“They really proved their mettle.”

Ressler said the systems in AVH’s clinics were not affected but other things such as internal email could have been.

Lingering effects continued internally for a few days before everything went back to normal, Ressler noted.

“We had to do a sweep of all the systems and that takes a lot of time,” he said. “At no time was our patient information compromised.”

Downtime procedures and incident command have been put in place before, including during the 2018 wildfire near Basalt when electricity was compromised, or when there is a threat to the phone or internet systems.

But as Ressler pointed out, “We have never had a large-scale attack like this.”

Incident command has the hospital function differently by assigning certain individuals to take on additional responsibilities to oversee the operation.

The incident commander was Jennifer Slaughter, AVH’s chief marketing officer, who also praised the IT department.

“They were complete professionals and got us out relatively unscathed,” she said, adding the entire hospital staff rose to the occasion. “It was amazing how they pulled together.”