Sky Lakes Medical Center, Oregon

From crisis to solution: Sky Lakes Medical Center’s rapid restoration of radiology after ransomware attack

It is 2023 and radiology runs smoothly at Sky Lakes Medical Center in Oregon. But the situation was different two and a half years ago, when John Gaede, Director of Information Systems, and the hospital’s IT team were taken by surprise by a ransomware attack. It took the hospital’s entire IT system offline, leading to patient safety concerns. The radiology department remained operational, but it lost access to the PACS, so radiologists had to read images on-site, and images had to be burned onto CDs for storage to free up space on the scanners for more exams.

 

During my 20 years in the industry, this was the first time I implemented a system and everything just worked from the beginning. And we did it within less than 48 hours.

John Gaede, Director of Information Systems at Sky Lakes Medical Center in Oregon

The mouse click that ignited the fire

The spark that triggered a whole cascade of IT issues began when an employee clicked on an attachment to an email containing malware. The email offered employees a bonus and contained a small malicious program that spread through the entire Sky Lakes IT environment, encrypting server after server.


Figure 1: The email and the Google Document that contained the malware causing the ransomware.

The attack was detected the same day when a nurse reported that the electronic medical record (EMR) system was running slowly. Later that day, the IT department confirmed that it was a ransomware attack. Gaede had to act quickly and started to make phone calls in the middle of the night. Imagine the 3:30 a.m. phone call: “We have been hit by ransomware.”

The entire hospital was put into a paper-based emergency procedure with a workflow reminiscent of the 1970s.

A fight against the clock

Gaede and his team worked tirelessly to resolve the situation — and the situation was really bad. Sky Lakes is a remote, rural hospital located in southern Oregon and serves a 10,000-square-mile area with no other hospitals nearby. It was critical for patient safety to get as many of the IT systems up and running as quickly as possible.

Initially, every system — including the financial, supply chain, EMR, diagnostic imaging, cardiology, and laboratory systems — was offline and all files were encrypted. In addition, the attack occurred during the first wave of the pandemic, making it even more challenging for hospital staff to care for patients without access to their tools. It was a fight against the clock since lives were at stake.

The situation in radiology


In radiology, all modalities were able to continue running. Due to the loss of access to the PACS, radiologists had to be onsite at the hospital to read images, and could only access images on each individual modality. The attack also caused archiving issues as the images had to be burned onto CDs for storage to free up space on the scanners for more exams. The situation quickly turned critical as massive workloads started to pile up.

Gaede says that patient safety became a major concern. A few days into the attack, he reached out to the provider of the hospital’s radiology reporting software for help. The reporting side of radiology was quickly restored, but the PACS was a different story. The current PACS vendor estimated that it would take at least three months (60-90 days) to restore or rebuild the system. This was not an option.

Resolving the issue by “changing gears”

“If the current PACS provider can’t help, then we will find a vendor that can,” says Gaede. He contacted a friend in diagnostic imaging for advice on the best alternate PACS vendors. Four days after the attack, he contacted two vendors and asked them to come up with a plan to get the hospital back online as soon as possible.

Sky Lakes needed an enterprise imaging solution for radiology that included everything: PACS, RIS, reporting, scheduling—all integrated into a single application and to be deployed overnight. This was no small request.

The two vendors’ offerings were scrutinized, and a decision was made immediately under the leadership of the Department of Imaging, the hospital’s radiologists, senior management, and information services. By 2:00 p.m. the same day, Gaede notified Sectra/Electromek (Electromek being a Certified Sectra partner), M-Modal/3M (Voice Dictation/Reporting) and AbbaDox (RIS) that they had been selected.

The reasons for selecting Sectra

In the evaluation process, Sky Lakes gave several reasons for selecting Sectra, Gaede says. These were:

  1. People and trust: Sectra and their partner Electromek listened to Sky Lakes’ needs and assured them they would help with support, training, deployment and everything required until they were up and running again. Gaede says: “They kept that promise, working 24/7 with hardly any sleep. And what is really amazing is that this engagement has not faded today, three years later—they still provide the same dedicated service.”
  2. TCO and flexibility: When Gaede did some calculations, Sectra’s full service offering turned out to have a lower total cost of ownership (TCO). The main reason was Sectra’s higher flexibility in solution design. Gaede comments: “Again, Sectra and Electromek listened to us and provided a solution to match our needs.”
  3. Customer satisfaction: Sectra was the vendor with the highest KLAS scores and had been ranked #1 for numerous consecutive years. Gaede says: “This really shows that they take care of their customers.”

People are so important. Sectra and Electromek have people of integrity.

John Gaede, Director of Information Systems at Sky Lakes Medical Center in Oregon

Building a plane as you fly

After the decision was made to go with Sectra, it only took two days for a complete build of Sectra’s PACS to be available in the cloud. The system was provided as a service via the cloud since the local VM environment was compromised by the malware.

Another two days later, radiologists could also begin reading studies on iPads via the universal viewer. The day after that, the hospital had a fully integrated RIS and was up and running with the new Sectra PACS and M-Modal reporting system. And the week after, radiologists could enjoy a full integration of Sectra, M-Modal reporting, and AbbaDox RIS together with Epic EMR.

Worth mentioning in this story is that the new solution, installed over a very short time, offered a much more efficient workflow and reading performance than the one they had before the ransomware attack, Gaede says.

In particular, the functionality and speed that Sectra provides has been a significant improvement. In addition, we got a system that can handle images from all ologies, so we bought into an enterprise imaging solution in less than 48 hours.

John Gaede, Director of Information Systems at Sky Lakes Medical Center in Oregon

Choosing partners that go the extra mile

Gaede emphasizes that the quick restoration of radiology wouldn’t have been possible without the vendors’ extraordinary mindset and willingness to do everything they could to get the system up and running. He credits Electromek for their rapid response in making the integrations work seamlessly.

Dan Thoma, President of Electromek (a Certified Sectra partner since 2004), says: “It wouldn’t have been possible without the strong engagement from the RIS provider AbbaDox and its owner Yaniv Dago. The success is a result of all partners working together as a team.”

“The performance of the enterprise imaging system/PACS is a very important component and was one of the reasons for selecting Sectra. But in times of crisis, it really boils down to good people. During this restoration we got both,” Gaede says.

Long-term strategic partners

Today, three years later, it is obvious that selecting the right partners has also been important from an innovation and long-term strategic perspective. Gaede gives two examples:

  1. Sky Lakes collaborates with St. Charles Health System, where neuroradiologists have a need to review cases from Sky Lakes. For a long time, this had been a problem, but together with Sectra and Electromek they came up with a solution by using Sectra’s cross-platform worklists. This enabled neuroradiologists to get direct real-time access to Sky Lakes’ images, which could be reviewed and reported on with exactly the same speed as when done on-site.
  2. The second example was when Gaede was looking for a solution for cardiology to manage ECGs. He presented the problem to Electromek and Sectra and instead of presenting obstacles as many other vendors would do, they just came up with a solution to include ECGs in the enterprise imaging system, including a workflow for review and archiving. “They just made it work. They are solution providers, and that’s very valuable,” Gaede says.

The combination of being a long-term strategic partner and being able to dig deep in a crisis situation is a unique combination that I value greatly.

John Gaede, Director of Information Systems at Sky Lakes Medical Center in Oregon

The importance of cybersecurity

In the end, one employee’s accidental click on an email attachment resulted in malware encrypting every Windows-based system in the hospital, including the PACS, and resulted in 23 days offline for the EMR and the loss of about 140 images out of 1.5 million archived images. Overall, the attack took down 650 servers and about 150 applications.

According to Gaede, it took the hospital seven months to fully recover and to bring all systems back online. He stresses the importance of directly turning off servers as quickly as possible to prevent further damage. He also states that no IT system is safe when it comes to cyberattacks, but knowing that Sectra is a leader in secure communication solutions provides peace of mind.
