Skip to content

How an HIE Aided in Recovery from a Ransomware Attack

Erie County Medical Center was the victim of a ransonware attack, but was able to utilize its HIE connection to continue providing patient care. 

When a ransomware attack hits a healthcare provider, it can obviously be financially devastating, but it could also interfere with patient care. Physicians might be unable to access health records, for example, which could bring legitimate harm to patients.

Organizations must have necessary detection and mitigation measures in place, but also need to have a plan for recovery, ensuring that normal operations can resume as soon as possible.

At approximately 2:30 a.m. on Sunday, April 9, 2017, Erie County Medical Center (ECMC) received a message that no healthcare provider wants: Pay the ransomware and we will re-enable your systems.

Buffalo, New York-based ECMC is a safety net hospital, meaning that it primarily provides care for lower income populations. It is also a Level One adult trauma facility, which further stressed the need for it to maintain regular operations in the wake of the ransomware attack, said ECMC Vice President of Communications and External Affairs Peter Cutler.

“When something like what happened in April occurs, it makes the whole situation all the more challenging,” Cutler told

“When it was detected, the IT personnel who were on site immediately notified their superiors, who then notified members of our executive leadership,” Cutler said. “We then immediately shut down the hospital’s entire computer system proactively. It was at that point that we started to deal with this pretty remarkable circumstance.”

ECMC had been hit with an extremely sophisticated ransomware attack, Cutler explained, and said that the first challenge the hospital faced was ensuring that clinicians could access patient health records.

This is where Western New York’s clinical information exchange (HEALTHeLINK) came into play.

Click here to read the full article.