Cyberattack on Hardin Memorial Health Caused EHR Downtime


A cyberattack on Hardin Memorial Health located in Kentucky caused EHR downtime and interruption to its IT systems.

The cyberattack began on the evening of April 5. According to spokesperson Troutt of Hardin Memorial Health, IT systems were interrupted because of a security breach. The details of the cyberattack was not provided yet, so it not yet sure if the incident was caused by hacking, malware or ransomware attack.

The health system worked 24 hours straight to restore the function of systems and servers. Most of the IT online systems has been restored and some units can already access the EHR systems.

In spite of the EHR system downtime, business operation continued as before and no hospital appointment was cancelled. The health system’s 50 hospital locations stayed open. The quality of care and patient safety were not affected by the breach.

When the security breach was discovered, emergency processes were put in place. An IT assessment to know the nature and scope of the incident was conducted and is still ongoing. Most of the issues related to the attack, however, were fixed in 24 hours.

Over the weekend, some extra staff came to assist in the remediation efforts and in the manual administrative processes until all online systems are fully working. About 40 internal IT and patient care specialists, some external experts and some Baptist Health partners helped to solve the problems immediately and conduct the assessment.

It appeared that Hardin Memorial Health was ready for the system downtime. The IT team routinely tests their emergency procedures to ensure quick implementation, thus, disruption of patient services was prevented. The IT team also implemented extra protocols to enhance system security.

Although not all cyberattacks can be stopped, recovery from such attacks is fast if there are tried and tested backup and emergency procedures in place. Patients services will not be affected as well.