HSHS, Prevea restore health records system

GREEN BAY, Wis. (WBAY) - HSHS and Prevea health systems have access again to patients’ health records, and their patient-facing portals, including MyChart and MyPrevea, are working again.

The health systems announced Tuesday morning they restored functionality of their EPIC platform, which stores health records electronically. MyChart and MyPrevea can be used for accessing lab results and making appointments.

Although MyChart and MyPrevea were restored, patients are encouraged to call their provider’s office if they need urgent assistance instead of sending a message through the portal.

The hospitals and clinics have been working through a technology outage since late last month. They eventually acknowledged it was the result of a cyber attack.

A local cyber security expert told us it’s a positive sign. “Getting that MyChart system back up is critical for patient care, and so that I think from a patient care standpoint it’s really, really good,” Curt Esser, of Esser Consulting, said.

In a statement, the Hospital Sisters Health System and Prevea Health wrote, “We will respond to patient messages as quickly as possible, and we encourage patients to reach out to their provider’s office to speak with a member of their health care team, should they require urgent assistance.

“We remain focused on restoring the rest of our systems in a methodical manner, which will take time to complete. We appreciate your continued patience and look forward to continuing to care for our valued patients.”

The cyber attack last month affected phones, internet and communications systems, and clinical and administrative applications at all 15 HSHS hospitals in Wisconsin and Illinois and Prevea Health facilities.

Patient portals went down, closing off access to test results and patient history, and front desks started keeping paper records of patient visits. People couldn’t call loved ones in hospitals who didn’t have a personal cell phone.

Phone systems were gradually restored, and patients were given a growing list of phone numbers to call about appointments and other medical needs.

Facilities were only accepting cash or checks for payment. People were warned about scam emails and texts which appeared to be from the health systems requesting payment. People are asked to save those messages and email questions@hshs.org to investigate whether it was a legitimate bill from a partner or a scam.

Many patients and employees still wonder what, if any, personal information was compromised. The health organizations have yet to answer that question or provide us with an opportunity for an on-camera interview since this cyber attack.

“In this case you almost have to be better safe than sorry and take some action on it. One of the easiest ways is to take control of your credit and to freeze it, and then you can thaw it temporarily if need be,” Esser said, “and they have to freeze it with all three of the credit reporting bureaus.”

Hospital Sisters Health Systems and Prevea Health have said they were investigating the scope of the cybersecurity incident and whether patients’ personal information was compromised. The organizations said patients would be notified if their sensitive or personal information is affected.

HSHS president/CEO Damond Boatwright said they were working with third-party security experts and law enforcement.