Sky Lakes Medical Center, Oregon
It is 2023 and radiology runs smoothly at Sky Lakes Medical Center in Oregon. But the situation was different two and a half years ago when John Gaede, Director of Information Systems, and the hospital’s IT team were taken by surprise with a ransomware attack It caused the hospital’s entire IT system to be offline, leading to patient safety concerns. The radiology department remained operational, but they lost access to the PACS system, and radiologists had to read images on-site, while images had to be burned on CDs for storage to free up space on the scanners for more exams.
During my 20 years in the industry, this was the first time I implemented a system and everything just worked from the beginning. And we did it within less than 48 hours.
The spark that triggered a whole cascade of IT issues began when an employee clicked on an attachment to an email containing malware. The email offered employees a bonus and contained a small malicious program that spread through the entire Sky Lakes IT environment, encrypting server after server.
Figure 1: The email and the Google Document that contained the malware causing the ransomware.
The attack was detected the same day when a nurse reported that the electronic medical record (EMR) system was running slowly. Later that day, the IT department confirmed that it was a ransomware attack. Gaede had to act quickly and started to make phone calls in the middle of the night. Imagine the 3:30 a.m. phone call: “We have been hit by ransomeware.”
The entire hospital was put into a paper-based emergency procedure with a workflow reminiscent of the 1970s.
Gaede and his team worked tirelessly to resolve the situation — and the situation was really bad. Sky Lakes is a remote, rural hospital located in southern Oregon and serves a 10,000-square-mile area with no other hospitals nearby. It was critical for patient safety to get as many of the IT systems up and running as quickly as possible.
Initially, every system — including the financial, supply chain, EMR, diagnostic imaging, cardiology, and laboratory systems — was offline and all files were encrypted. In addition, the attack occurred during the first wave of the pandemic, making it even more challenging for hospital staff to care for patients without access to their tools. It was a fight against the clock since lives were at stake.
John Gaede, Director of Information Systems at Sky Lakes Medical Center in Oregon
In radiology, all modalities were able to continue running. Due to the loss of access to the PACS, radiologists had to be onsite at the hospital to read images, and could only access images on each individual modality. The attack also caused archiving issues as the images had to be burned onto CDs for storage to free up space on the scanners for more exams. The situation quickly turned critical as massive workloads started to pile up.
Gaede says that patient safety became a major concern. A few days into the attack, he reached out to the provider of the hospital’s radiology reporting software for help. The reporting side of radiology was quickly restored, but the PACS was a different story. The current PACS vendor estimated that it would take at least three months (60-90 days) to restore or rebuild the system. This was not an option.
“If the current PACS provider can’t help, then we will find a vendor that can,” says Gaede. He contacted a friend in diagnostic imaging for advice on the best alternate PACS vendors. Four days after the attack, he contacted two vendors and asked them to come up with a plan to get the hospital back online as soon as possible.
Sky Lakes needed an enterprise imaging solution for radiology that included everything: PACS, RIS, reporting, scheduling—all integrated into a single application and to be deployed overnight. This was no small request.
The two vendors’ offerings were scrutinized, and a decision was made immediately under the leadership of the Department of Imaging, the hospital’s radiologists, senior management, and information services. By 2:00 p.m. the same day, Gaede notified Sectra/Electromek (Electromek being a Certified Sectra partner), M-Modal/3M (Voice Dictation/Reporting) and AbbaDox (RIS) that they had been selected.
In the evaluation process, Sky Lakes gave several reasons for selecting Sectra, Geade says. These were:
People are so important. Sectra and Electromek have people of integrity.
After the decision was made to go with Sectra, it only took two days for a complete build of Sectra’s PACS to be available in the cloud. The system was provided as a service via the cloud since the local VM environment was compromised by the malware.
Another two days later and radiologists could also begin reading studies on iPads via the universal viewer. The day after that, the hospital had a fully integrated RIS and was up and running with the new Sectra PACS and M-Modal reporting system. And the week after, radiologists could enjoy a full integration of Sectra, M-Modal reporting, and AbbaDox RIS together with Epic EMR.
Worth mentioning in this story is that the new solution, installed over a very short time, offered a much more efficient workflow and reading performance than the one they had before the ransomware attack, Gaede says.
In particular, the functionality and speed that Sectra provides has been a significant improvement. In addition, we got a system that can handle images from all ologies, so we bought into an enterprise imaging solution in less than 48 hours.
Gaede emphasizes that the quick restoration of radiology wouldn’t have been possible without the vendors’ extraordinary mindset and willingness to do everything they could to get the system up and running. He credits Electromek for their rapid response in making the integrations work seamlessly.
Dan Thoma, President of Elektromek (a Certified Sectra partner since 2004), says: “It wouldn’t have been possible without the strong engagement from the RIS provider Abbadox and its owner Yaniv Dago. The success is a result of all partners working together as a team.”
“The performance of the enterprise imaging system/PACS is a very important component and was one of the reasons for selecting Sectra. But in times of crisis, it really boils down to good people. During this restoration we got both,” Gaede says.
Today, three years later, it is obvious that selecting the right partners has also been important from an innovation and long-term strategic perspecive. Gaede gives two examples:
The combination of being a long-term strategic partner and being able to dig deep in a crisis situation is a unique combination that I value greatly.
In the end, one employee’s accidental click on an email attachment resulted in malware encrypting every Windows-based system in the hospital, including the PACS, and resulted in 23 days offline for the EMR and the loss of about 140 images out of 1.5 million archived images. Overall, the attack took down 650 servers and about 150 applications.
According to Gaede, it took the hospital seven months to fully recover and to bring all systems back online. He stresses the importance of directly turning off servers as quickly as possible to prevent further damage. He also states that no IT system is safe when it comes to cyberattacks, but knowing that Sectra is a leader in secure communication solutions provides peace of mind.
Listen to Sectra’s podcast, where we discuss hot topics and trends in medical imaging. Our podcast series features a range of episodes that offer insightful perspectives and real-world experiences from thought leaders, industry experts, and medical professionals. So join us on this exciting journey as we explore the world of enterprise imaging!
