FRANKLIN, Ind. — Johnson Memorial Hospital in Franklin, Indiana, is still in recovery mode, 2 1/2 years after hackers crippled their system.
"It was a very difficult time," CEO and President Dr. David Dunkle said.
Dunkle said nurses and doctors were forced to go old-school, using pen and paper instead of computers and technology to help meet patients' needs.
"You have to have a nurse at your bedside in your ICU. You can't centrally monitor vital signs, so really, it was all hands on deck," Dunkle said.
Hackers gained access the hospital system at 10:31 p.m. on a Friday in October 2021. Ransomware was deployed two minutes later. The hospital's IT department detected abnormal activity less than 10 minutes later.
At 10:45 p.m., the system was shut down.
That would later impact patients and the hospital's cost for cybersecurity insurance.
"We are forced to spend millions on cybersecurity, and we're still suffering from higher insurance rates because of our attack, and we pay more than our peers, our same size peers do, because we had an attack," Dunkle said.
In recent years, Community Health, Franciscan, Eskenazi, IU Health, Schneck in Seymour, and now Ascension all became victims of attacks.
"We're a smaller organization with 950 employees. I can't imagine these large organizations. We see what Ascension is going through. My heart breaks for them because I've been there," Dunkle said.
Dunkle is learning what he can to help prevent another attack.
"The thing that's scary is you see all these hospitals that are attacked nationwide. You can be hypervigilant, you can spend millions in cybersecurity. We do education. We send fake emails to make sure employees don't click on them. We do education every two weeks with our employees and still you worry," Dunkle said.
The worry comes because operations could be shut down at any given moment.
Dunkle said a cybersecurity team helped get the hospital system back up and running.
Thankfully, pertinent data wasn't lost.
"The threat actors had put data on the dark web, saying we have this patient data, it was from a different hospital. So we were very lucky and blessed from that standpoint," Dunkle said.