Sonoma hospital’s computer systems in recovery phase

Russian cyberattack hindered test results|

Sonoma Valley Hospital is still in a recovery phase after being hit Oct. 11 with a ransomware cyberattack, with plans to increase security systems, officials told the hospital board at its recent meeting.

“No one did anything wrong, but there are a number of things we can do to improve our security,” Kelly Mather, hospital CEO, told the board at its Nov. 5 meeting.

Sabrina Kidd, chief medical officer, said there is an ongoing investigation and there is a “long way to go at this point.”

“This has proven to be a very difficult challenge,” Kidd said.

Among the protective measures, Mather said they will require longer passwords, implement a two-factor authentication, and hire a security company to conduct drills and audits. Experts told Mather that these days “you’re always chasing security risks,” she said.

The hospital practices “downtime once a month” at night, but Mather said they will consider doing it during the day going forward.

When the hospital’s IT department learned of the ransomware cyberattack it shut down every system of the hospital “to protect as much” as possible, she said.

Kelly Mather, CEO, Sonoma Valley Hospital
Kelly Mather, CEO, Sonoma Valley Hospital
’No one did anything wrong, but there are a number of things we can do to improve our security.’ Kelly Mather, CEO, Sonoma Valley Hospital

The “threat actor” is Ryuk, a “splinter group off a larger group in Russia,” Mather said. The group has been making demands of one to two million dollars of other hospitals.

“We never did hear much back from the ransomware or threat actor” about their demands, she said.

There was never any intention by the hospital to pay any of the demands, Mather said.

Mather was told the cyber criminals published “a lot of large files,” about 75 gigabytes of data, which according to experts Mather spoke with, “is a lot of data.” Most of what was taken were images dating back to 2009.

“We’ll know more for sure what they have soon,” Mather said.

With all systems down, Kidd said they reverted practicing ways “like we did in the 1990s, on paper.” Unable to process anything electronically, they manually processed results.

Some departments like the lab and imaging were “seriously affected,” but nursing and surgery “went on with their care,” Mather said. “It’s amazing what can continue to happen.”

Systems had to be completely rebuilt with a “brand new clean network.” Fifty computers needed to be replaced. There are some 75 different systems within the hospital and about 215 workstations that needed to be put back online. It’s a long process, Kidd said.

“I think we’re all feeling a lot more optimistic now,” Mather said.

Staff and patients have shown patience during the downtime. “Once they found out what was happening to us, we’ve gotten a lot of compassion,” she said.

Contact Anne at

UPDATED: Please read and follow our commenting policy:
  • This is a family newspaper, please use a kind and respectful tone.
  • No profanity, hate speech or personal attacks. No off-topic remarks.
  • No disinformation about current events.
  • We will remove any comments — or commenters — that do not follow this commenting policy.