Finger Lakes Health is reporting that it lost access to its computer system. The agency, including the Geneva location said that an outside party is demanding payment to let it access its files. Messenger Post Media is still working to unravel details on this developing story.
Finger Lakes Health continues to operate offline following a hack of electronic systems.
About midnight Sunday, Finger Lakes Health was notified electronically that specific electronic systems had been encrypted by an outside party who is demanding payment to decrypt access.
Finger Lakes Health comprises a vast network of health facilities across the region. Those include two hospitals, Geneva General Hospital in Geneva and Soldiers & Sailors Memorial Hospital in Penn Yan. In addition, the network includes four nursing homes, eight primary care physician practices, an ambulatory surgery center, two Urgent Care sites and six specialty-care practices, among others.
Responding to questions Tuesday from Messenger Post Media via text, a hospital official reiterated: “There is no indication that any patient, resident or employee information was compromised.”
On Tuesday afternoon, a hospital security vehicle could be seen circling around Geneva General Hospital. A hospital security guard at the main entrance referred all questions to hospital officials.
Canandaigua resident Rebecca McGuigan, who was leaving the hospital after visiting a relative, said it seemed to her the hospital was handling things well. She didn’t see any difference in operations but imagined “it must be hard,” she said, referring to going offline.
McGuigan said she is a nursing assistant at the Canandaigua VA Medical Center, so she understands how important data is.
Lara Turbide, vice president of community services for Finger Lakes Health, responded via text this way to the following questions from the Messenger:
What types of information was compromised? Can you say for certain that patient or employee information was not compromised?
“There is no indication that any patient, resident or employee information was compromised.”
How long do you expect the system to be in lockdown?
“We will be using manual procedures as long as necessary as we intentionally and thoughtfully bring systems back online. As an immediate response to the electronic message Sunday morning, we intentionally took systems offline including internet access.”
What can you tell us about this outside party who is demanding payment? How much in payment is demanded? What is the next step in getting this resolved?
“This is part of an ongoing investigation so for this aspect I’d just like to emphasize we will put patient and resident care at the center of all decisions and are working with security consultants and law enforcement.”
At Thompson Health based in Canandaigua — which is part of a different health network, UR Medicine — President/CEO Michael F. Stapleton, Jr. provided a statement regarding cyber security:
“Cyberattacks are a continuing and constantly evolving threat to any private businesses, government agencies, or non-profit organizations that use any technology or computing devices that can access the internet,” Stapleton stated.
“In an ongoing effort to defend our systems from cyberattacks, we use multiple safeguards that include a variety of industry-recommended security technologies and protocols. With all of our IT and cybersecurity through UR Medicine, we continually assess and update those protections to do everything we can to prevent potential access of our information systems.
"Cybercriminals are increasingly sophisticated and continue to develop new ways to hack organizations’ computer systems, so this effort requires constant vigilance. Having UR Medicine’s expert team leading these efforts has been one of the many benefits of our affiliation with the health system.”
In December 2017, Jones Memorial Hospital in Wellsville, which is part of UR Medicine, experienced an unexpected computer downtime due to a cyberattack.
“A limited number of our information services have been affected. However, to the best of our knowledge no patient financial or medical information has been compromised. We have been in contact with law enforcement and the New York State Department of Health since the downtime began,” the hospital stated then about the attack.
Jones Memorial Hospital is a 70-bed acute care facility serving all of Allegany County, as well as western Steuben County and northern Potter County, Pennsylvania.
The hospital reported the issue was isolated to Jones Memorial Hospital’s computer systems and its information technology staff partnered with the University of Rochester, as well as the IT departments at Noyes Health and St. James Mercy Hospital, to work on bringing its computer systems back. The hospital used what it called “the standard computer downtime procedures we regularly train and prepare for” that included manually entering information into patient medical charts.