BUFFALO, N.Y. (WIVB)- ECMC is spending millions of dollars to recover from a ransomware attack. International hackers locked up the hospital’s computer system in April and demanded $30,000.
The hospital refused to pay the ransom required for the key to unlock the system. ECMC officials now say it’s cost them $10 million to recover from the attack.
A portion of that money was spent on hardware and software to rebuild a new computer system. It also includes the cost of overtime pay and lost revenue while the system was down.
Vice President of Communications Peter Cutler told News 4 the hospital didn’t have to turn anyone away from the emergency room while the computers were down.
Operations are now back to normal at ECMC and there is still no evidence patient files were accessed during the attack.
Cutler told News 4 bots found a weakness in the computer system allowing “cyber extortionists” to get in and lock up the system.
He said security experts including NYS Police and the FBI advised the hospital not to pay the ransom because there was no guarantee the criminals would’ve actually provided the key to the system. They also had reason to believe the criminals may have demanded a higher ransom once the hospital agreed to pay it.
Culter said even if they paid the $30,000, they still would’ve had to rebuild a new computer system and incur that $10 million cost.
“If you pay the ransom there’s no guarantee what is returned to you is clean is not susceptible to a future attack,” he said. ”We felt we made the right decision in not only not paying the ransom but going about the business of restoring our computer system as quickly as possible.”
According to Cutler the cost of rebuilding is built into the hospitals capital plan and therefore won’t trickle down to patients’ bills.
A couple of months before the attack the hospital actually increased its insurance plan for cybersecurity from $2 million to $10 million so Cutler said the hospital is in a good place to recover.
The hospital will spend about another $5 million over the next several months to continue to upgrade technology and educate employees.
The new system is set up to prevent future attacks.