Estes Park Health

Patient Safety and Care were at the center of every decision

After the Sunday morning, June 2, malware attack, Estes Park Health was functioning in a normal state, in most of our services, by early Monday afternoon. Unfortunately, this type of attack is far too common in the world today. Several large corporations were attacked in a similar fashion this week. Because of the dedication of the Estes Park Health IT Department, we can report that no patient, financial or employee information was copied or removed from our system. Most importantly, patient safety and care were never at risk because of the professionalism of the entire staff, and the fact that there are protocols and procedures in place to handle emergency situations at Estes Park Health

To recap the last few days at Estes Park Health:

1. On Sunday morning June 2nd, approximately 1:30 a.m., a member of the Estes Park Health IT team noticed some abnormalities in the system. The IT member realized that the Estes Park Health system was under a virus attack and quickly shut down avenues for the virus to spread. This quick action significantly limited the effectiveness of the attack.

2. IT then received a message from the attackers stating that the systems they had been able to reach were now locked and a ransom message would follow.

3. Estes Park Health was prepared for such an attack. The Leadership Team realized that Estes Park Health was as vulnerable as any company to come under this kind of attack and had purchased cyber insurance specifically for this type of event.

4. Once it was determined that this was a ransom situation, Estes Park Health contacted the insurance carrier, law enforcement and the FBI. At that point, additional cyber security resources were activated, and negotiations began between the insurance company and the cyber attackers. Once Estes Park Health fully understood the systems that were locked and how critical they were to operations, a ransom amount was negotiated and paid by the insurance company. Fortunately, Estes Park Health will only have the deductible to cover.

5. Restoration of systems is still a work in progress. The Physician Clinic software has been moved to a read-only mode allowing physicians to review patient records. Physicians are currently using voice transcription documentation to capture patient visits and that transcribed information will be entered into a patient’s file when their software is fully functioning.

6. We will not understand fully how this attack entered our system until a comprehensive investigation is completed, but preliminary indications suggest access was made through a user account belonging to a third-party vendor.

7. Estes Park Health’s IT department has, and will continue to, work together with peer hospitals on the Front Range and around the state to help all healthcare institutions in Colorado stay strong against the threat of cyber-attacks. The tremendous cooperation of the healthcare IT leaders in our state is a wonderful example of the collaboration needed to bring great care to all citizens.

The Mission of Estes Park Health is to exist to make a positive difference in the health and well-being of all we serve. This statement is not just for the clinical departments. It applies to every department that works behind the scenes to make sure we deliver safe healthcare services at every stage of our patient’s journey. The IT Department’s quick response to shutting down this cyber-attack and their ability to restore as many systems as they did by Monday morning, is a shining example of how we live out our Mission every day.

Estes Park Health Senior Team and Board representatives will be at a table during the Farmers Market on June 6 from 8:00 a.m. until 12 noon. Please stop by with any questions you might have for Estes Park Health. The table spot is just outside Town Administrator Frank Lancaster’s office along MacGregor, near the trees and planter.

Please send any questions concerning this situation or about Estes Park Health to info@eph.org and we will respond to your inquiry.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.