Windsor Regional Hospital looks to lift Code Grey declared over cyberattack
Hospital executive says 2 key systems are expected to come back online
Months after a cyberattack hit five hospitals in southwestern Ontario, Windsor Regional Hospital says it is looking to lift a Code Grey declared in wake of the attack — but it will still be much of this year before hospital systems are completely back online.
Chief Operating Officer Karen Riddell said at a hospital board meeting on Thursday the final two major systems impacted by the attack — one related to dispensing of medication and the other for cardiovascular information — are expected to be coming back online.
If all goes according to plan, the Code Grey will be lifted on Feb. 6.
"We have lots of systems left to bring online," Riddell said. "However, these last two systems ... were part of our last big clinical impact systems impacted."
The Oct. 23, 2023, ransomware attack brought electronic systems offline at five hospitals in Windsor-Essex, Chatham-Kent and Sarnia, which share the IT provider TransForm.
Windsor Regional Hospital says there's still a backlog on diagnostic imagining — MRIs and CT scans — but not for the most urgent of cases. There's a backlog of 10 weeks in cases considered semi-urgent.
Riddell said the hospital is working on a regional recovery plan with other hospitals to address the backlog.
Hospital CEO David Musyj says each hospital of the five hospitals hit by the cyberattack has their own timeline for lifting their Code Grey depending on the specific systems impacted.
While it's an external announcement, Musyj says lifting the Code Grey has more "internal meaning" with respect to the hospital's response.
Musyj said it will be "most of 2024" before systems are 100 per cent back online.
"But ...from a patient's lens coming to the hospital and from our staff lens, the major systems have been back up and running for about a month subject to those last two [systems]."
Musyj said the notification of patients is underway and continues because of the complexity of the process, which involves a third-party expert combing through the breached records to identify any and all patients and staff impacted.