BUCYRUS/GALION/ONTARIO – On Wednesday, Feb. 9, 2022, Avita Health System detected and stopped a network security incident. After discovering the unauthorized activity, our IT professionals – together with third party forensic and cybersecurity experts – immediately secured our systems and started restoring operations within a safe and remediated network environment.
Avita’s electronic medical records system was not impacted by this incident. At this time, we see no evidence that patient information was removed from our system. Currently, our health system is using computer downtime procedures to continue caring for patients. We apologize for the operational disruption that this event has caused, and may continue to cause, until a full and safe restoration of services has been completed. We are currently safely restoring our data in accordance with our business continuity and incident response plans, and are working to complete this process as quickly as we can. We expect our systems to be fully restored within a matter of days.
Due to the active management of a reputable endpoint detection and response (EDR) tool, we were able to immediately secure the environment and stop the spread of the unauthorized activity. We also shut down certain systems as a precaution. Our internal IT staff and third-party incident response team are currently using the EDR tool to further secure the environment and to ensure the network is contained. While these types of situations have become all-too-common nationwide, we recognize the significance of this event and have quickly taken the appropriate steps to address it. Our comprehensive investigation is ongoing, and this aspect of the incident response may span several weeks. Rest assured that we are committed to sharing more information as soon as it becomes available.