Oct 13 2021

Q&A: How Infrastructure Upgrades Helped Sky Lakes Medical Center Survive a Ransomware Attack

The community hospital’s John Gaede, information services director, and Nick Fossen, technology systems manager, explain how a security partnership and infrastructure modernization prepared the healthcare organization for the future.

Healthcare organizations are becoming more vulnerable to cyberattacks due to the increasing collection of valuable patient data and the simultaneous rise in sophisticated security threats. However, modernizing a healthcare system’s infrastructure can lessen the damage from attacks such as ransomware and can facilitate the quick development of innovative technologies.

In a recent CDW Tech Talk, BizTech spoke with John Gaede, information services director at Sky Lakes Medical Center, and Nick Fossen, technology systems manager at the community hospital, about how the organization survived a ransomware attack thanks to a recent upgrade to its infrastructure.

Click the banner below to explore more CDW Tech Talk content from our sister publication BizTech.

BIZTECH: What are some of the unique challenges your organization faced that brought you to CDW?

GAEDE: In healthcare, we typically have about a 3 percent margin, so budgets are tight, and having enough human resources to tackle challenges is itself a challenge. Sky Lakes Medical Center, first of all, is a stand-alone, not-for-profit community hospital. We’re here for our community. We have about 1,500 employees and about 300 volunteers, and we serve an area with a 10,000-square-mile radius, which represents about 100,000 people. We do about 400,000 ambulatory or outpatient visits a year and about 28,000 emergency department visits, and our gross patient revenue is about $550 million.

But the truth is, that $550 million? When you put it up against the expenses, you end up with a 3 percent margin in a good year.

If you want healthcare in Klamath Falls, Ore., where we’re located, Sky Lakes Medical Center provides it locally, but at times we have services that go outside of our community. Sometimes in winter, with the snow and the weather conditions, that can be a challenge. So today, we want to talk a little bit about some of those challenges we face in that rural environment.

BIZTECH: How were you able to work with your CDW representatives to find a good solution for your organization?

GAEDE: Our core challenge was around budgets. Like many healthcare organizations, we’re always getting new projects, new technologies and new challenges, especially with COVID-19 and some of the challenges that brought. Then we had a ransomware attack right in the midst of that. However, we were very fortunate, and we actually felt prepared because of some of the investments we made in partnership with CDW.  

Our infrastructure was aging about three or four years ago, so we went out to the market and got some quotes for replacing our storage. But we needed to upgrade compute, networking and storage, all three. We were introduced to some new technologies, such as hyperconverged infrastructure. HCI really was new to the healthcare market. Nutanix has been doing a lot of work to lead that market in healthcare.

We went out and looked at multiple vendors and products, and ended up partnering with CDW in that journey to look at systems. But there’s more to that story. When we got our quote back on storage, we compared that with some of the preliminary quotes we got for replacing our entire platform, replacing our core infrastructure for network computing storage, with hyperconverged infrastructure.

Click the banner below for more security and incident response planning content from HealthTech.

We started doing our due diligence on the technology. Again, one of the targets was, we needed to simplify, and we needed to find a way that our engineers could work more efficiently and effectively with the technologies to stay on top of all the good work that we’re doing for our community and for the health system. When we got those quotes back, we found that HCI made sense from a financial perspective. But then we had the challenge, internally, with our engineers saying, “You know what, John? I know storage, I know compute, I know networking, I know how they work, I know how they communicate, and collapsing that in this new platform ...”

So that was a period of months of due diligence. CDW had a meeting in Chicago that we attended. They had some speakers who talked about hyperconverged infrastructure and the value that you gain with these kinds of technologies in terms of management and the ability to scale very, very rapidly and effectively.

After that meeting, Nick came alongside and said, “I think we need to investigate this.” So, we ended up implementing a full platform of hyperconverged infrastructure, along with storage shortly after that. We took the hyperconverged infrastructure for compute, storage and networking, and then all of our backup. CDW worked alongside us to pull that together, hand in glove, and give us a unified platform.

EXPLORE: Find out the benefits of hyperconvergence in healthcare.

BIZTECH: Nick, we’d love to hear from your team’s perspective. What were those results like, and how did it affect operations for you?

FOSSEN: Before we went to hyperconverged, we had all those things separate. So, when you had issues, you’re dealing with what vendor and where’s the issue. We struggled with those. We had issues, years ago, with the three-tiered architecture, where we spent months trying to solve a performance issue, just managing all that from a team perspective, and upgrades were extremely painful. When we moved to hyperconverged, now you have one vendor. It’s all tied together, and the management of it is extremely easy compared with a three-tiered system.

When the pandemic hit, we were saved from having to spend all this time managing the system. And then, of course, with ransomware, the backups were a huge component, as John mentioned. If we didn’t have the backup solution we had, we wouldn’t have recovered from ransomware. It would have been painful.

BIZTECH: What did your team learn throughout this entire process?

GAEDE: I’ll answer that from a strategic perspective. What we learned was that we made some really good decisions that prepared us for the future. We had no idea COVID-19 was coming, and we had no idea that ransomware was coming. But that investment in hyperconverged infrastructure, partnering with CDW in that process and that journey, and then deploying it allowed us to get the call on Friday afternoon saying, “We need a call center that can manage 1,000 calls coming in on Monday by 2 o’clock.” Then going to Nick and saying, “Hey, Nick, we need your team to set up at the fairgrounds for a drive-thru vaccination station.” So having that infrastructure in place allowed us to develop and get those technologies going very, very rapidly.

The second thing was, we survived a ransomware attack, and we didn’t have to pay a ransom. That was the investment. Again, the fact that we partnered with CDW to look at security backup solutions that fit right into our environment, and that we could manage in a very efficient manner, allowed us to do that. I look at it and say that our core infrastructure, that change and our storage investment have allowed us to manage the times and the craziness that we’re living in.

LEARN MORE: How can security training combat the threat of ransomware?

BIZTECH: What would your advice be for organizations that are facing similar challenges and trying to find their own way through a modernization process that includes security?

GAEDE: You need people, process and technology — all three of those things, and having the right partners. We don’t need vendor relationships in healthcare. It’s way too hard. We need partnerships. So having that with CDW allowed us to come together and pick state-of-the-art technologies that transformed our organization.

FOSSEN: I’m going to steal John’s advice. I think that’s really the key. Whether it was COVID or ransomware, my first call was to our account manager from CDW, saying, “Man, you’ve got to help us. We need help.” I think that’s really key. And then having that technology in place when those things happen, again, is another big part.

kjekol/Getty Images