Normal operations at Nebraska Medicine should resume “in days” following a cyberattack that shut down computer systems early Sunday, health system officials said Thursday evening.
The outage, which officials described in a statement as a “significant information technology system downtime event,” led to the postponement of patient appointments this week and required staff in the system’s hospitals and clinics to chart by hand.
Staff have continued to see patients, officials said, but appointments for patients with elective procedures and appointments that were not critical have been rescheduled. The health system’s emergency rooms have remained open, and no patients were diverted to other hospitals, according to the statement, which was provided by Dr. James Linder, Nebraska Medicine’s CEO.
“People have done a yeoman’s job in making sure we deliver good patient care,” Linder said in a brief interview.
No patients’ electronic medical records were deleted or destroyed, according to the statement, thanks to the system’s “back-up and recovery processes.” But when asked whether patients’ medical or financial information had been exposed, a Nebraska Medicine spokesman said the statement contained all the information officials could provide.
The statement did not include any further information about the attack’s nature, extent or origins .
Officials noted in the statement that attacks on health care organizations are “rapidly increasing, and we are constantly assessing our security measures to help prevent cyber security incidents.”
With the advent of electronic health records, health systems collect and store a significant amount of information about patients.
Other hospital systems have had to deal with computer security problems. In February 2019, a device brought into a CHI Health location by a third-party vendor introduced a virus, also known as malware, into the health system’s network.
In 2018, Anthem Inc., the nation’s second-largest health insurer, agreed to pay the federal government what was then a record $16 million to settle potential privacy violations in what was labeled at the time as the biggest known health care hack in U.S. history, the Associated Press reported.
The statement said officials notified law enforcement after discovering the attack. When asked whether the FBI was assisting with the investigation, a spokeswoman for the FBI’s Omaha office said the agency was aware of the situation at Nebraska Medicine and had offered assistance.
Patients have expressed frustration, with some saying they had not been notified of canceled appointments.
Patients were also unable to access their online medical and billing information.
In the statement, officials said “the patience and professionalism that has been demonstrated by our staff and providers during this difficult time has been remarkable, and we cannot thank them enough.” The health system, officials said, remains “committed to providing extraordinary care, and will do everything we can to minimize any further disruption to our patients.”