SickKids lifts Code Grey with 80 per cent of priority systems restored

The Hospital for Sick Children (SickKids) has lifted the Code Grey that was called in response to a ransomware attack on Dec. 18, 2022. Approximately 80 per cent of priority systems, which are those that have a direct impact on hospital operations, have been restored.

“I am very thankful that we have been able to call the Code Grey All Clear relatively quickly with minimal disruptions to patients and families. Without the extremely hard work of our staff and expertise of external advisors over the holidays, we would not have been able to lift the Code Grey as efficiently as we have,” says Dr. Ronald Cohn, President and CEO of SickKids. “I want to express my deepest gratitude and thanks to our staff, patients, families and community partners for their patience and support, as well as the broader community for the overwhelming offers of assistance and expertise over the past two weeks.”

System restoration continues, patient care impacts have been minimal

SickKids’ Information Management Technology (IMT) team is continuing to work with operational leaders across the hospital to restore the remaining systems. The hospital has determined that patients and families are unlikely to experience any significant impacts to their care, and most clinical teams are no longer using downtime procedures. As a result, the Code Grey has been called All Clear. 

During the Code Grey, a small number of patients and families experienced diagnostic or treatment delays as clinical teams experienced delays in receiving lab and imaging results. Clinical teams continue to monitor but have not identified any serious health outcomes related to the service delays. 

The hospital’s electronic medical record (EMR) was not impacted but other systems that integrate with the EMR, such as dictation services, pharmacy systems, and the ability to view diagnostic imaging results were temporarily unavailable. Most systems that integrate with the EMR have been restored. A number of corporate systems were also temporarily impacted, including the hospital’s internal timekeeping system for staff and intranet. Some systems, such as AboutKidsHealth, are in the restoration process.

SickKids rapidly responded to ransomware attack and investigation is ongoing

The Code Grey was initially called at 9:30 p.m. ET on Dec. 18, 2022, in response to the discovery of a cybersecurity incident. Upon learning of the incident and that many systems were inaccessible, SickKids initiated its enterprise incident management structure, opened its command centre, and engaged third-party cybersecurity experts. 

SickKids teams and the third-party experts determined the incident was a ransomware attack and immediately started working around the clock to investigate, implement workarounds, and restore system access once it was safe to do so. Investigation into the ransomware attack is ongoing and is being led by the third-party experts. 

On Dec. 31, 2022, SickKids became aware of a statement from the ransomware group behind the attack with an offer of a free decryptor. The hospital has not used the decryptor to restore systems to date and has not made a ransom payment. SickKids continues to consult with its third-party experts to determine the most efficient and effective means to restore its impacted systems, including the possible use of the decryptor. There is no evidence to date that personal information or personal health information has been impacted.

“Ransomware and other malware attacks are becoming more and more frequent and sophisticated across organizations and industries. We know those behind these attacks are always trying to find new ways to get past digital defences,” says Nimira Dhalwani, Chief Technology Officer at SickKids. “Our cybersecurity measures meet a high standard, and we are confident that the safeguards and processes we have in place enabled us to respond rapidly to mitigate the impacts on hospital operations. We are working with our experts and industry partners to strengthen our collective systems wherever possible.”

Please see a recorded video statement from Dr. Ronald Cohn, President and CEO of SickKids.

SickKids has been continuously updating the public and the media through its website, www.sickkids.ca, and its Twitter, @SickKidsNews. Please refer to these channels for any past and future updates.