ECMC confirms April computer attack was ‘ransomware’

BUFFALO, N.Y. (WIVB) – It has been a month-and-a-half since a malware attack on ECMC’s computer network, and hospital officials now confirm it was ransomware–the first attack of its kind on a hospital in New York. Most of the computers are back online, but recovery of the medical center’s 6,000 computer hard drives has been tedious.

ECMC’s 6th floor Orthopedic Unit staff has had full use of their computers for about two weeks, while some computers in other areas of the hospital are still offline, following the April 9 malware attack, which ECMC’s President and CEO Tom Quatroche, has confirmed was ransomware.

“They did not tell us exactly who it came from–a lot of different sources–but it was international, the hit–and the FBI obviously is still investigating that.”

Quatroche said the cyber setback could have been a lot worse, if not for the quick response of IT staff to shut down the hospital’s computers.

Ransomware is a virus that takes control of a company’s entire computer network, locking up, or encrypting, crucial data until a ransom is paid for a digital “key” that unlocks the computers. ECMC chose not to pay the ransom.

Quatroche said the hospital’s reputation was at stake, “You are paying criminals. So, from an integrity standpoint, it obviously was something that we did not want to do,” and ECMC’s chief said, they had the file redundancy to retrieve any lost data, “we had backup systems in addition to our online backup system where they blocked.”

While computer hackers are known to assure their victims once they send the electronic key to unlock their computers, they can get back to business quickly, Quatroche said, there were no assurances on their part.

“Would we really save that much more time by paying a ransom, and the answer to that question was ‘no’,” although the restoration process has proven to be laborious.

ECMC’s email program is still is not back online–that is where they believe the attack originated–and they plan to establish a firewall between the email and medical operations.

“We will have more walls, we will have more ‘watchtowers’, watching what is going on so that we can quickly detect somebody that is not authorized to be in our system.”

Despite the 24-hour, 7-day rebuilding process, Quatroche said it could still be another couple of months until “normal” at the hospital is realized, and again assured the public that no patient information was compromised. provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Note: Comments containing links are not allowed.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s