Cybersecurity, Safety & Security

Code Grey: Lessons from a Malware Attack

Banner for cyber security with health care icons
Share this:

Albert Karas, Director, Pharmacy Services, Humber River Hospital  

The prevalence of cyberattacks is on the rise across Canada and the healthcare sector is increasingly becoming a target. There is a need for heightened vigilance across all pharmacy practice environments to help ensure the functionality of core pharmacy processes and the protection of patient information.

Albert Karas is the Director of Pharmacy Services at Humber River Hospital. Here, he recounts how a malware attack impacted the hospital’s pharmacy and medication management systems and how his staff adapted and adjusted their workflow to ensure patients received the care they needed.

Around 2 a.m. on June 14, 2021, Toronto’s Humber River Hospital was struck by a malware attack, triggering a Code Grey – or loss of essential services.

To prevent the ransomware from encrypting files, the hospital immediately shut down all of its over 3,000 computers and servers, leaving hospital staff–including pharmacy professionals—unable to access electronic patient records.

The system shutdown happened at a time when our teams were already exhausted from the ongoing challenges with the COVID-19 pandemic, and once again we were faced with adjusting how pharmacy care is delivered.

Transitioning from Digital to Paper

With all major pharmacy automation and distribution either partially or completely down—including medication administration records (MAR)—paper charts, orders and records had to be implemented immediately.

Our pharmacy and medication management system is a hybrid system with centralized cart fills generated by a central packaging and labeling automation. We also have decentralized automated dispensing units for point of care use including controlled substances. This meant that our pharmacy team had to pivot to a manual paper-based system for medication orders and utilize a rudimentary system to dispense medications for patient care.

In addition, a standard paper MAR had to be created for each patient and had to be updated manually with all new medication orders. Any clinical documentation including pharmacist notes needed to occur on the paper chart. Until all systems could be brought back online, our downtime procedures remained in effect as required.

All Hands on Deck

Communication and coordination with all teams, departments and senior management was critical to assess the scope and extent of the attack as the information and situation evolved over several days. We worked closely with our IT department and automation and systems vendors to try to bring systems back to partial and full functionality as quickly as possible.

We reached out to other hospitals to acquire prepackaged and labelled unit dose medications to alleviate the load and need to prepack a large amount of unit dose medications by hand. Multiple pharmacy teams were set up to work on various aspects such as preparing and dispensing medications for cart fills, completing clinical work and other general operational needs.

Picture of Humber River Hospital Pharmacy Services Staff
Humber River Hospital Pharmacy Services Staff
Manual pick stations were set up and organized by fast movers versus less frequently used medications in alphabetical order within each station. Automated dispensing units were replenished daily and some quotas increased to meet the increased demands.

Our ‘all hands on deck’ approach was required to meet the many challenges and fulfill the needs of patient care under the situation. We put additional checks and balances in place to ensure all medications were double checked by different team members. Many pharmacy staff and management team members worked countless hours around the clock to fulfill medication management needs due to the very drastic pivot from a completely electronic and automated environment to a manual and paper based one.

Having multiple pharmacy team daily huddles to share information on the hospital-wide situation and work through different problems and challenges that arose in providing medication services for our patients was key in minimizing disruptions to pharmacy operations.

Learning from Experience

Since the attack, we have reviewed and reinforced our downtime procedures including the need for additional safeguards and backup contingencies for all automation. A back up system for the electronic health records has been fortified to potentially avoid this kind of disruption in the future.

Pharmacy Services has a Code Grey box that contains a wide variety of items including downtime policies and procedures, staffing information, schedules and emergency call back lists.

We have been working closely with our IT department and vendors to explore potential use of our pharmacy automation for standalone operation without network requirements and reducing potential downtime. Finally, Pharmacy Services systems and automation have been prioritized as a high-priority area within the hospital systems/automation enterprise for assembly and resolution for additional IT resources.

Albert’s Advice for Pharmacies

  • Ask for help early on.
    • We asked a few hospitals if they could package and supply some medications for us on an interim basis, helping reduce the strain on the completely manual packaging of unit dose medications. Everyone is willing to help, just as you would help them in a similar situation.
  • Minimizing disruption to patient care means that you may need to adjust services to focus on critical aspects of care and medication management.
    • This includes looking at multiple day cart fills rather single daily cart fills (with supplementation) and other aspects (e.g., medical support/directive to hold non-critical items such as vitamins/supplements temporarily).
  • Print and have hard copies ready of all essential information such as all downtime policies and procedures as well as several copies of medication label templates, medication orders and MARs (in case you can’t access a computer or printer).
  • Work closely with your IT department and vendors to ensure pharmacy information systems and automation are appropriately backed-up and protocols are in place to limit downtime impacts.
  • Have a Code Grey simulation, including being unable to access any digital automation or no technology, including computers, email and printers.
  • You may not be able to prevent an attack, however ensuring downtime policies and procedures are in place and understood is a best practice.
Additional Resources

Share this: