No patient or employee information compromised, ARH says


Cyberattack left ARH’s web-services offline in early August

By TJ Caudill - [email protected]



HAZARD — In August, a cyberattack left Appalachian Regional Healthcare’s (ARH) web-services offline for two weeks. Recently, ARH released the results of the investigation into the cyberattack. An independent digital forensic team, along with federal authorities, found no patient or employee health or financial information compromised during the cyberattack.

The combined efforts of the independent forensics analysis team, Mainstream Security, along with the United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) identified the cyberattack as a new form of ransomware. This new form of malware had not been previously observed by DHS or FBI.

ARH says Mainstream Security reported the malware that affected ARH’s systems was designed to target systems that use Windows operating system. According to Mainstream Security, the virus was only able to affect a test server. This test server is used by ARH to test certain software programs before they are incorporated into ARH’s hospitals.

According to ARH, none of the computers in ARH’s network use the Window’s operating system.

After a thorough investigation, Mainstream Security determined no personal or protected health information was accessed during the cyberattack in any of ARH’s facilities in eastern Kentucky or southern West Virginia, ARH says.

Mainstream Security said the issues that caused the cyberattack have been dealt with. They also said the hackers no longer have access to the system.

ARH said they were moving forward with tighter security procedures in place. They have contracted an experienced IT security organization, SDG Blue, to perform annual audits.

These audits will focus on HIPAA Security Risk Assessments, periodic firewall penetration testing, and upgrades to all layers of security protection.

In this day and age, ARH said, companies large or small are not immune to cyberattacks.

ARH President and CEO Joe Grossman said he was proud of ARH’s IT team for their swift response to the malware.

“We are proud of the manner in which our team handled this incident as well as the dedication and teamwork that was shown by our employees working throughout our ARH facilities as they rose to the occasion and demonstrated just how resilient our healthcare team can be no matter what challenge may come our way,” said Grossman.

TJ Caudill is a reporter with The Hazard Herald and he can be reached at 606-629-3245.

Cyberattack left ARH’s web-services offline in early August

By TJ Caudill

[email protected]

comments powered by Disqus