Cyberattack Forces West Virginia Hospital to Scrap Its Computer Systems

Princeton Community Hospital in rural West Virginia will scrap and replace its entire computer network after being struck by the cyberattack paralyzing computers globally.

The cyberattack, known as Petya, froze the hospital's electronic medical record system early Tuesday, leaving doctors unable to review patients' medical history or transmit laboratory and pharmacy orders, said Rose Morgan, the hospital's vice president of patient care services.

Officials were unable to restore services, and found there was no way to pay a ransom for the return of their system. So, after consulting with the Federal Bureau of Investigation and cybersecurity experts, officials made the decision to replace the system.

Now, doctors, nurses and other hospital staff are adjusting to what will be days of working off paper forms to record vital signs, order medications and scribble notes.

"There is a lot more paper visible up on our units than there used to be, " Ms. Morgan said. "It was a bit of organized chaos at first. Now we've hit our stride."

Nurses reverted to two-foot-long paper templates for patient records known as flow sheets, she said.

Employees from human resources and finance, who can't work without computers, have stepped in to ferry doctor's orders from one hospital department to another, deliver prescriptions or shuttle billing records. The pneumatic tubes that typically whisk materials throughout the hospital fell silent in the attack. The tube system is connected to the hospital's computer network.

The Petya attack disrupted operations at major corporations including Merck & Co. and A.P. Moeller-Maersk A/S and at least two other U.S. hospitals owned by the Heritage Valley Health System in Pennsylvania.

Surgeons at the Heritage Valley Hospital in Beaver, Pa., canceled elective surgeries Tuesday and Wednesday, but the Heritage Valley hospitals and emergency rooms remained open.

Heritage Valley continued to make progress restoring its clinical and ancillary care systems Thursday, a spokeswoman said. Regarding whether the system was able to pay a ransom, she said, "Even if we wanted to pay, it is our understanding the [internet service providers] have blocked communication with the attackers."

At Princeton Community Hospital, new hardware will replace existing infected computers and servers. Backup records will be used to restore patient files after technology staff screen the backup files to be sure they aren't infected by the malware, Ms. Morgan said. Officials hope to have the network rebuilt by the end of next week.

It isn't yet known how much it will cost and how much the hospitals' cyber insurance and business-continuity insurance will cover. The nonprofit hospital, which ends the fiscal year on June 30, finished last year with a slim 3.5% operating margin on revenue of $139.1 million.

The cyberattack almost left Princeton Community Hospital without even paper templates, which were stored on a computer file, to be printed. No one could access the file, Ms. Morgan said. Fortunately, her administrative assistant, Linda Cunningham, had an archive of paper templates that she had printed and saved in a binder, Ms. Morgan said.

Doctors and nurses continued to care for more than 100 patients who were being treated in the hospital Thursday, according to Ms. Morgan. Surgeries continued as scheduled. Four uninfected computers can access the hospital's electronic medical record data using an uncompromised guest network, but the records can only be viewed, she said.

The emergency room continued to accept patients with life-threatening conditions, but diverted other ambulances between Tuesday morning and Thursday morning.

The emergency room reopened to all patients Thursday morning, Ms. Morgan said.

Write to Melanie Evans at

(END) Dow Jones Newswires

June 29, 2017 17:13 ET (21:13 GMT)